Описание
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
Ссылки
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1 (включая) до 3.1.13 (исключая)Версия от 3.3 (включая) до 3.3.7 (исключая)Версия от 3.4 (включая) до 3.4.4 (исключая)Версия от 3.5 (включая) до 3.5.1 (исключая)
Одно из
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00417
Низкий
6.3 Medium
CVSS3
7.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.3
ubuntu
почти 7 лет назад
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
CVSS3: 7.3
debian
почти 7 лет назад
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13 ...
EPSS
Процентиль: 61%
0.00417
Низкий
6.3 Medium
CVSS3
7.3 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-20
NVD-CWE-noinfo