CVE-2019-14827
PUBLISHED
A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions.
EPSS 0.30% · 53.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | moodle | 0, * |
| Ubuntu:16.04:LTS | moodle | 0, 2.7.9+dfsg-1, 2.7.11+dfsg-2 |
Timeline
- May 17, 2021 CVE Published
- May 18, 2021 EPSS Score
- Jul 21, 2021 EPSS Score
- Sep 20, 2021 EPSS Score
- Nov 21, 2021 EPSS Score
- Jan 21, 2022 EPSS Score
- May 24, 2022 EPSS Score
- Jul 26, 2022 EPSS Score
- Sep 25, 2022 EPSS Score
- Nov 26, 2022 EPSS Score
- Jan 27, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-14827 third-party-advisory
- https://moodle.org/mod/forum/discuss.php?d=391030 third-party-advisory
- https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-14827 third-party-advisory