Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-3808
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it but does have that access in certain places. Note that the capability is intended for use by trusted users and is only assigned to teachers and managers by default.