CVE-2019-3847 in Moodleالمعلومات

الملخص

بحسب MITRE

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

03/01/2019

الاعتدال

تمت الموافقة

إدخال

VDB-132549

CPE

جاهز

CWE

CWE-20 (مؤكد)

CVSS

7.2 (NVD)

EPSS

0.00867

KEV

لا

النشاطات

منخفض جدًا

القطاع

Education, Police

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-3847
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-3847
CVE Details	https://www.cvedetails.com/cve/CVE-2019-3847/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!