Blind XSS Vulnerability in Moodle LMS by Moodle
CVE-2019-14881

6.1MEDIUM

Key Information:

Vendor: [unknown]
Status: Moodle
Vendor: CVE Published:; 18 March 2020

What is CVE-2019-14881?

A vulnerability exists in Moodle LMS version 3.7 prior to 3.7.3 that allows for blind cross-site scripting (XSS) attacks. This security flaw occurs in areas where user email addresses are displayed, potentially enabling attackers to exploit this weakness to execute malicious scripts, targeting users without their consent. It underscores the critical need for users to update their installations promptly and apply necessary security patches to safeguard against such vulnerabilities.

Affected Version(s)

moodle 3.7.3

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14881

x_refsource_CONFIRM

https://moodle.org/mod/forum/discuss.php?d=393584#p1586746

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2020
Vulnerability Reserved
Aug 10, 2019

[unknown]

What is CVE-2019-14881?

Affected Version(s)

References

CVSS V3.1

Timeline