Description

A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.

Remediation

References

CVE-2019-3851

Related Vulnerabilities

WordPress Plugin Tablesome-Responsive Table, Woocommerce Automation, Email Log, Form Automation-Contact Form 7, Elementor, WPForms, Forminator Cross-Site Scripting (1.0.27)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7887)

WordPress Plugin WooCommerce Product Vendors Cross-Site Scripting (2.0.35)

WordPress Plugin Phoenix Media Rename Security Bypass (3.4.2)

WordPress Plugin BP GTM System Cross-Site Scripting (1.9.5)

Severity

Medium

Classification

CVE-2019-3851 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities