Daniel Thatcher

#18903de 53,634
14.2CVSS total
Vulnerabilidades · 2
Média
1
Alta
1
PT-2019-16741
5.4
2019-03-27
Moodle · Moodle · CVE-2019-3847
**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 3.6.3 Moodle versions prior to 3.5.5 Moodle versions prior to 3.4.8 Moodle versions prior to 3.1.17 **Description** A vulnerability was found that allows users with the `login as other users` capability, such as administrators or managers, to access other users' Dashboards. However, the JavaScript added by those other users to their Dashboard is not properly escaped when viewed by the user logging in on their behalf. **Recommendations** For versions prior to 3.6.3, update to version 3.6.3 or later. For versions prior to 3.5.5, update to version 3.5.5 or later. For versions prior to 3.4.8, update to version 3.4.8 or later. For versions prior to 3.1.17, update to version 3.1.17 or later.
PT-2018-13773
8.8
2018-11-26
Moodle · Moodle · CVE-2018-16854
**Name of the Vulnerable Software and Affected Versions** moodle versions 3.1 to 3.1.14 moodle versions 3.3 to 3.3.8 moodle versions 3.4 to 3.4.5 moodle versions 3.5 to 3.5.2 **Description** A flaw was found in the login form, which is not protected by a token to prevent login cross-site request forgery. **Recommendations** For moodle versions 3.1 to 3.1.14, update to version 3.1.15. For moodle versions 3.3 to 3.3.8, update to version 3.3.9. For moodle versions 3.4 to 3.4.5, update to version 3.4.6. For moodle versions 3.5 to 3.5.2, update to version 3.5.3.