Vulnerability Bulletins

MSA-22-0010: Stored XSS in assignment bulk marker allocation form via user ID number


System information

   
Affected software: PHP

Description

by Michael Hawkins.

ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

Severity/Risk: Minor
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Paul Holden
CVE identifier: CVE-2022-30596
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204
Tracker issue: MDL-74204

More info:

https://moodle.org/mod/forum/discuss.php?d=434578&parent=1748722

Standard identifiers

Property    Value
CVE         CVE-2022-30596

Version history

Version    Comment            Date
1.0        Advisory issued    2022-05-18
Ministerio de Defensa
CNI
CCN
CCN-CERT