CVE-2020-36633

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-36633
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36633.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-36633
Published
2022-12-27T13:15:10Z
Modified
2025-01-15T01:45:32.844341Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability was found in moodle-blocksitenews 1.0. It has been classified as problematic. This affects the function getcontent of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.1 is able to address this issue. The name of the patch is cd18d8b1afe464ae6626832496f4e070bac4c58f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216879.

References

Affected packages

Git / github.com/eberhardt/moodle-block_sitenews

Affected ranges

Type
GIT
Repo
https://github.com/eberhardt/moodle-block_sitenews
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0
v1.01
v1.03