Vulnerability Bulletins

MSA-20-0001: Stored XSS in message conversation overview


System information

Affected software: PHP

Description

by Michael Hawkins.

Messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored XSS.

Severity/Risk: Serious
Versions affected: 3.8
Versions fixed: 3.8.1
Reported by: Cid da Costa
Workaround: Disable the messaging system until the patch has been applied.
CVE identifier: CVE-2020-1691
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67637
Tracker issue: MDL-67637 Stored XSS in message conversation overview

More info:

https://moodle.org/mod/forum/discuss.php?d=395953&parent=1596360

Standard identifiers

Property Value
CVE CVE-2020-1691

Version history

Version Comment Date
1.0 Advisory issued 2020-01-21
