MSA-19-0001: Manage groups capability is missing XSS risk flag
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
von Michael Hawkins. The manage groups capability did not have the XSS risk flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.Severity/Risk:MinorVersions affected:3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versionsVersions fixed:3.6.2, 3.5.4, 3.4.7 and 3.1.16Reported by:Fariskhi VidyanCVE identifier:CVE-2019-3808Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=381228&parent=1536765 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2019-3808. |