JavaScript Execution Vulnerability in Moodle Quiz Question Bank
CVE-2018-10891

6.3MEDIUM

Key Information:

Vendor: [unknown]
Status: Moodle
Vendor: CVE Published:; 10 July 2018

What is CVE-2018-10891?

A vulnerability exists in Moodle that could allow malicious JavaScript to be executed when a quiz question bank is imported. This issue is particularly concerning as it compromises the integrity of the quiz environment and could lead to unauthorized actions being executed in the user's context. Affected versions include those prior to 3.5.1, 3.4.4, 3.3.7, and 3.1.13. Users are strongly advised to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

moodle moodle 3.5.1

moodle moodle 3.4.4

moodle moodle 3.3.7

References

https://moodle.org/mod/forum/discuss.php?d=373371

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10891

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104739

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2018
Vulnerability Reserved
May 9, 2018

[unknown]

What is CVE-2018-10891?

Affected Version(s)

References

CVSS V3.1

Timeline