Description

A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages.

Remediation

References

CVE-2019-14884

Related Vulnerabilities

Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)

TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2021-3449)

Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)

WebLogic CVE-2018-2902 Vulnerability (CVE-2018-2902)

Severity

Medium

Classification

CVE-2019-14884 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities