CVE-2019-3847 in Moodleinfo

Zusammenfassung

von MITRE

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

03.01.2019

Moderieren

akzeptiert

Eintrag

VDB-132549

CPE

bereit

CWE

CWE-20 (bestätigt)

CVSS

7.2 (NVD)

EPSS

0.00867

KEV

nein

Aktivitäten

very low

Sektor

Police, Education

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-3847
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-3847
CVE Details	https://www.cvedetails.com/cve/CVE-2019-3847/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!