CVE-2019-3847

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3847

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3847.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3847

Aliases

GHSA-qrcj-6fjw-3h9h

Related

UBUNTU-CVE-2019-3847

Published

2019-03-27T13:29:01Z

Modified

2024-09-03T02:53:57.043262Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Fixed

52bd62f2be983a1b8afb26b0f9bd08c60cbfd2e6

Affected versions

v3.*

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7