Описание
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 3.0.3+dfsg-0ubuntu1 |
| cosmic | not-affected | 3.0.3+dfsg-0ubuntu1 |
| devel | not-affected | 3.0.3+dfsg-0ubuntu1 |
| disco | not-affected | 3.0.3+dfsg-0ubuntu1 |
| esm-apps/bionic | not-affected | 3.0.3+dfsg-0ubuntu1 |
| esm-apps/xenial | not-affected | 3.0.3+dfsg-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
10
3.5 Low
CVSS2
Связанные уязвимости
nvd
больше 10 лет назад
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
debian
больше 10 лет назад
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not ...
fstec
больше 10 лет назад
Уязвимость системы управления обучением Мoodle, позволяющая нарушителю проводить межсайтовый скриптинг
3.5 Low
CVSS2