PT-2019-16741 · Moodle · Moodle
Daniel Thatcher
·
Published
2019-03-27
·
Updated
2022-11-07
·
CVE-2019-3847
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 3.6.3
Moodle versions prior to 3.5.5
Moodle versions prior to 3.4.8
Moodle versions prior to 3.1.17
Description
A vulnerability was found that allows users with the
login as other users capability, such as administrators or managers, to access other users' Dashboards. However, the JavaScript added by those other users to their Dashboard is not properly escaped when viewed by the user logging in on their behalf.Recommendations
For versions prior to 3.6.3, update to version 3.6.3 or later.
For versions prior to 3.5.5, update to version 3.5.5 or later.
For versions prior to 3.4.8, update to version 3.4.8 or later.
For versions prior to 3.1.17, update to version 3.1.17 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle