Vulnerability Bulletins

MSA-22-0017: Stored XSS and blind SSRF possible via SCORM track details


System information

Affected software: PHP

Description

by Michael Hawkins.

Insufficient sanitizing of SCORM track details presented stored XSS and blind SSRF risks.

Severity/Risk: Serious
Versions affected: 4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versions
Versions fixed: 4.0.2, 3.11.8 and 3.9.15
Reported by: Rekter0
CVE identifier: CVE-2022-35651
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921
Tracker issue: MDL-71921 Stored XSS and blind SSRF possible via SCORM track

More info:

https://moodle.org/mod/forum/discuss.php?d=436458&parent=1756386

Standard identifiers

Property Value
CVE CVE-2022-35651

Version history

Version Comment Date
1.0 Advisory issued 2022-07-19
