PT-2019-16741 · Moodle · Moodle

Daniel Thatcher

Publicado

2019-03-27

Atualizado

2022-11-07

CVE-2019-3847

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Moodle versions prior to 3.6.3 Moodle versions prior to 3.5.5 Moodle versions prior to 3.4.8 Moodle versions prior to 3.1.17

Description A vulnerability was found that allows users with the login as other users capability, such as administrators or managers, to access other users' Dashboards. However, the JavaScript added by those other users to their Dashboard is not properly escaped when viewed by the user logging in on their behalf.

Recommendations For versions prior to 3.6.3, update to version 3.6.3 or later. For versions prior to 3.5.5, update to version 3.5.5 or later. For versions prior to 3.4.8, update to version 3.4.8 or later. For versions prior to 3.1.17, update to version 3.1.17 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-3847

GHSA-QRCJ-6FJW-3H9H

Produtos afetados

Moodle

PT-2019-16741 · Moodle · Moodle

CVE-2019-3847

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18