MSA-22-0017: Stored XSS and blind SSRF possible via SCORM track details

MSA-22-0017: Stored XSS and blind SSRF possible via SCORM track details

by Michael Hawkins. Insufficient sanitizing of SCORM track details presented stored XSS and blind SSRF risks.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:Rekter0CVE identifier:CVE-2022-35651Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921Tracker issue:MDL-71921 Stored XSS and blind SSRF possible via SCORM track

More info:

https://moodle.org/mod/forum/discuss.php?d=436458&parent=1756386Leer másÚltimas Vulnerabilidades

by Michael Hawkins. Insufficient sanitizing of SCORM track details presented stored XSS and blind SSRF risks.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:Rekter0CVE identifier:CVE-2022-35651Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921Tracker issue:MDL-71921 Stored XSS and blind SSRF possible via SCORM track More info: https://moodle.org/mod/forum/discuss.php?d=436458&parent=1756386
CISO2CISO_NO_IMAGE_V2

by Michael Hawkins. Insufficient sanitizing of SCORM track details presented stored XSS and blind SSRF risks.Severity/Risk:SeriousVersions affected:4.0 to 4.0.1, 3.11 to 3.11.7, 3.9 to 3.9.14 and earlier unsupported versionsVersions fixed:4.0.2, 3.11.8 and 3.9.15Reported by:Rekter0CVE identifier:CVE-2022-35651Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921Tracker issue:MDL-71921 Stored XSS and blind SSRF possible via SCORM track

More info:

https://moodle.org/mod/forum/discuss.php?d=436458&parent=1756386Leer másÚltimas Vulnerabilidades

Facebook
Twitter
LinkedIn
Pinterest
admin

admin

All Posts »

Leave a Reply

Your email address will not be published. Required fields are marked *

Top Recommended Posts

Cybersecurity Salary for US market and Recruiting Trends Guide 2023 by Stanton House
Cybersecurity Salary for US market and Recruiting Trends Guide 2023 by Stanton House
How to Stop Business – Email Compromise Threats – Advanced techniques for fighting financial phishing fraud by CloudFlare
How to Stop Business – Email Compromise Threats – Advanced techniques for fighting financial phishing...
Cyber security breaches survey 2023
Cyber security breaches survey 2023
2022 VEEAM Ransomware Trends Report
2022 VEEAM Ransomware Trends Report
The Security Intelligence Handbook – How to Disrupt Adversaries and Reduce Risk with Security Intelligence – CYBEREDGE PRESS
The Security Intelligence Handbook – How to Disrupt Adversaries and Reduce Risk with Security Intelligence...
DDos Attacks Methods & Mitigations by Hadess
DDos Attacks Methods & Mitigations by Hadess
Implementing an IndustrialCybersecurity Program
Implementing an IndustrialCybersecurity Program
cisomag – Hardening Cyber Insurance Market Makes Cybersecurity More than a Tech Problem
cisomag – Hardening Cyber Insurance Market Makes Cybersecurity More than a Tech Problem
ChatGPT Legal Departments
ChatGPT Legal Departments
COSO Guidance Risk Appetite Critical to Success
COSO Guidance Risk Appetite Critical to Success