Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2019-14827

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2019-14827
  • Moodle » Moodle » Version: 3.5.0
    cpe:2.3:a:moodle:moodle:3.5.0
  • Moodle » Moodle » Version: 3.5.1
    cpe:2.3:a:moodle:moodle:3.5.1
  • Moodle » Moodle » Version: 3.5.2
    cpe:2.3:a:moodle:moodle:3.5.2
  • Moodle » Moodle » Version: 3.5.3
    cpe:2.3:a:moodle:moodle:3.5.3
  • Moodle » Moodle » Version: 3.5.4
    cpe:2.3:a:moodle:moodle:3.5.4
  • Moodle » Moodle » Version: 3.5.5
    cpe:2.3:a:moodle:moodle:3.5.5
  • Moodle » Moodle » Version: 3.5.6
    cpe:2.3:a:moodle:moodle:3.5.6
  • Moodle » Moodle » Version: 3.5.7
    cpe:2.3:a:moodle:moodle:3.5.7
  • Moodle » Moodle » Version: 3.6.0
    cpe:2.3:a:moodle:moodle:3.6.0
  • Moodle » Moodle » Version: 3.6.1
    cpe:2.3:a:moodle:moodle:3.6.1
  • Moodle » Moodle » Version: 3.6.2
    cpe:2.3:a:moodle:moodle:3.6.2
  • Moodle » Moodle » Version: 3.6.3
    cpe:2.3:a:moodle:moodle:3.6.3
  • Moodle » Moodle » Version: 3.6.4
    cpe:2.3:a:moodle:moodle:3.6.4
  • Moodle » Moodle » Version: 3.6.5
    cpe:2.3:a:moodle:moodle:3.6.5
  • Moodle » Moodle » Version: 3.7.0
    cpe:2.3:a:moodle:moodle:3.7.0
  • Moodle » Moodle » Version: 3.7.1
    cpe:2.3:a:moodle:moodle:3.7.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved