{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "5.1.26"
              },
              {
                "introduced": "5.2.0"
              },
              {
                "fixed": "5.2.15"
              },
              {
                "introduced": "5.3.0"
              },
              {
                "fixed": "5.3.4"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "ba288e35eed9075df6088e216cfe370675b6b2a9"
            },
            {
              "introduced": "b5e252d75801c5c0d47c40e773e502eb78f136bf"
            },
            {
              "fixed": "c98fb5a727163f9416127a5e26c89c8eaa54dc0b"
            },
            {
              "introduced": "a3f852a420235507d7cbe57d0e6c485667ab31cb"
            },
            {
              "fixed": "aad29de0e53aaa23980fa34f4c4f37a1182e04a2"
            }
          ],
          "repo": "https://github.com/ilias-elearning/ilias",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.",
  "id": "CVE-2018-10428",
  "modified": "2026-04-01T23:09:09.553440950Z",
  "published": "2018-05-23T20:29:00.217Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://www.ilias.de/docu/ilias.php?ref_id=1719\u0026from_page=116793\u0026obj_id=116793\u0026cmd=layout\u0026cmdClass=illmpresentationgui\u0026cmdNode=wc\u0026baseClass=ilLMPresentationGUI"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.ilias.de/docu/ilias.php?ref_id=1719\u0026from_page=116805\u0026obj_id=116799\u0026cmd=layout\u0026cmdClass=illmpresentationgui\u0026cmdNode=wc\u0026baseClass=ilLMPresentationGUI"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.ilias.de/docu/ilias.php?ref_id=1719\u0026obj_id=116792\u0026from_page=116805\u0026cmd=layout\u0026cmdClass=illmpresentationgui\u0026cmdNode=wc\u0026baseClass=ilLMPresentationGUI"
    },
    {
      "type": "EVIDENCE",
      "url": "http://packetstormsecurity.com/files/147726/ILIAS-5.3.2-5.2.14-5.1.25-Cross-Site-Scripting.html"
    },
    {
      "type": "EVIDENCE",
      "url": "http://www.securityfocus.com/archive/1/542025/100/0/threaded"
    },
    {
      "type": "EVIDENCE",
      "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-007.txt"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}