Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3850

Опубликовано: 26 мар. 2019
Источник: nvd
CVSS3: 4.3
CVSS3: 6.1
CVSS2: 5.8
EPSS Низкий

Описание

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Версия до 3.1.17 (исключая)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Версия от 3.4.0 (включая) до 3.4.8 (исключая)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Версия от 3.5.0 (включая) до 3.5.5 (исключая)
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
Версия от 3.6.0 (включая) до 3.6.3 (исключая)

EPSS

Процентиль: 33%
0.00126
Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

ubuntu логотип

CVE-2019-3850

CVSS3: 4.3
ubuntu
около 6 лет назад

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.

debian логотип

CVE-2019-3850

CVSS3: 4.3
debian
около 6 лет назад

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4. ...

github логотип

GHSA-3fj7-9j8m-7r8g

CVSS3: 6.1
github
около 3 лет назад

Moodle Stored HTML in assignment submission comments allowed links to be opened directly

EPSS

Процентиль: 33%
0.00126
Низкий

4.3 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601