← volver
CVE-2019-3810

CVE-2019-3810

CVSS 4.3 MEDIUMEPSS 13.9%CWE-79
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Productos afectados
[UNKNOWN] · moodle
PoCs públicas encontradas3
githubgithub.com/farisv/Moodle-CVE-2019-381017cve_referencepacketstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.htmlno verificadoexploitdbwww.exploit-db.com/exploits/49814no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810https://moodle.org/mod/forum/discuss.php?d=381230#p1536767