Описание
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.0.3+dfsg-0ubuntu1 |
| cosmic | not-affected | 3.0.3+dfsg-0ubuntu1 |
| devel | not-affected | 3.0.3+dfsg-0ubuntu1 |
| disco | not-affected | 3.0.3+dfsg-0ubuntu1 |
| esm-apps/bionic | not-affected | 3.0.3+dfsg-0ubuntu1 |
| esm-apps/xenial | not-affected | 3.0.3+dfsg-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
EPSS
3.5 Low
CVSS2
Связанные уязвимости
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not ...
Уязвимость системы управления обучением Мoodle, позволяющая нарушителю проводить межсайтовый скриптинг
EPSS
3.5 Low
CVSS2