Home > Vulnerability Database > CVE-2019-14827

Mend.io Vulnerability Database

CVE-2019-14827

Date: May 17, 2021

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions.

Language: PHP

Severity Score

6.1

Related Resources (5)

Url: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62284

Url: https://moodle.org/mod/forum/discuss.php?d=391030

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14827

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-14827

Url: https://www.mend.io/vulnerability-database/CVE-2019-14827

Severity Score

6.1

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-14827

Date: May 17, 2021

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?