CVE-2018-1136

Опубликовано: 25 мая 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.

Ссылки

http://www.securityfocus.com/bid/104307
Third Party Advisory
VDB Entry
https://moodle.org/mod/forum/discuss.php?d=371202
Vendor Advisory
http://www.securityfocus.com/bid/104307
Third Party Advisory
VDB Entry
https://moodle.org/mod/forum/discuss.php?d=371202
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.11 (включая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.2.0 (включая) до 3.2.8 (включая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.3.0 (включая) до 3.3.5 (включая)

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Версия от 3.4.0 (включая) до 3.4.2 (включая)

EPSS

Процентиль: 55%

0.0033

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-1136

CVSS3: 4.3

ubuntu

около 7 лет назад

CVE-2018-1136

CVSS3: 4.3

debian

около 7 лет назад

An issue was discovered in Moodle 3.x. An authenticated user is allowe ...

GHSA-xhfw-wjjc-4j5h

CVSS3: 4.3

github

около 3 лет назад

Moodle Cross-site Scripting

EPSS

Процентиль: 55%

0.0033

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79