
Test ID: 1.3.6.1.4.1.25623.1.0.113364
Category: Web application abuses
Title: Moodle CMS <= 3.1.16, 3.4.x <= 3.4.7, 3.5.x <= 3.5.4 and 3.6.x <= 3.6.2 Multiple Vulnerabilities
Summary: Moodle CMS is prone to multiple vulnerabilities.
Description:
Summary:
Moodle CMS is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- Users with the 'login as other users' capability (such as administrators/managers) can access other users'
Dashboards, but JavaScript that those other users may have added to their Dashboard is not escaped when
it is viewed by the user logging in on their behalf.

- Links within assignment submission comments open directly in the same window.

Vulnerability Impact:
An attacker might be able to steal session or cookie related info,
or inject a malicious link to steal information or distribute malware.

Affected Software/OS:
Moodle CMS versions through 3.1.16, 3.4.0 through 3.4.7, 3.5.0 through 3.5.4 and 3.6.0 through 3.6.2.

Solution:
Update to version 3.1.17, 3.4.8, 3.5.5 or 3.6.3 respectively.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross reference:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-3847
BugTraq ID: 107489
http://www.securityfocus.com/bid/107489
https://moodle.org/mod/forum/discuss.php?d=384010#p1547742
Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-3850
https://moodle.org/mod/forum/discuss.php?d=384013#p1547745
Copyright: Copyright (C) 2019 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.