CVE-2019-3810
MEDIUM 5.3 | EPSS 8.4% | Moodle XSS Vulnerability
Published: 2022/5/13 | Modified: 2024/2/16
Description
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
Affected packages (1)
- Packagist/moodle/moodle >= 3.6.0, < 3.6.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2019-3810
- PATCH: https://github.com/moodle/moodle
- WEB: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372
- WEB: http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810
- WEB: https://moodle.org/mod/forum/discuss.php?d=381230#p1536767