Test ID: | 1.3.6.1.4.1.25623.1.0.113364 |
Category: | Web application abuses |
Title: | Moodle CMS <= 3.1.16, 3.4.x <= 3.4.7, 3.5.x <= 3.5.4 and 3.6.x <= 3.6.2 Multiple Vulnerabilities |
Summary: | Moodle CMS is prone to multiple vulnerabilities. |
Description: |
Summary: Moodle CMS is prone to multiple vulnerabilities.

Vulnerability Insight: The following vulnerabilities exist:
- Users with the 'login as other users' capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard is not being escaped when being viewed by the user logging in on their behalf.
- Links within assignment submission comments open directly in the same window.

Vulnerability Impact: An attacker might be able to steal session or cookie related info, or inject a malicious link to steal information or distribute malware.

Affected Software/OS: Moodle CMS versions through 3.1.16, 3.4.0 through 3.4.7, 3.5.0 through 3.5.4 and 3.6.0 through 3.6.2.

Solution: Update to version 3.1.17, 3.4.8, 3.5.5 or 3.6.3 respectively.

CVSS Score: 6.5
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-3847
BugTraq ID: 107489
http://www.securityfocus.com/bid/107489
https://moodle.org/mod/forum/discuss.php?d=384010#p1547742
Common Vulnerability Exposure (CVE) ID: CVE-2019-3850
https://moodle.org/mod/forum/discuss.php?d=384013#p1547745 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |