exploitDog

GHSA-p7v9-gjrh-563x

Опубликовано: 13 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.3

Описание

Moodle XSS Vulnerability

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.

Ссылки

Пакеты

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.5.0, < 3.5.1

3.5.1

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.4.0, < 3.4.4

3.4.4

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.3.0, < 3.3.7

3.3.7

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.2.0, < 3.2.10

3.2.10

Наименование

moodle/moodle

composer

Затронутые версииВерсия исправления

>= 3.1.0, < 3.1.13

3.1.13

EPSS

Процентиль: 61%

0.00417

Низкий

7.3 High

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2018-10891

CVSS3: 7.3

ubuntu

почти 7 лет назад

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.

CVE-2018-10891

CVSS3: 7.3

nvd

почти 7 лет назад

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.

CVE-2018-10891

CVSS3: 7.3

debian

почти 7 лет назад

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13 ...

EPSS

Процентиль: 61%

0.00417

Низкий

7.3 High

CVSS3

CVE ID

Дефекты

CWE-20