Search for vulnerabilities
| Vulnerability ID | VCID-s6uu-335k-yfbc |
| Aliases |
CVE-2019-3847
|
| Summary | Improper Input Validation Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | ||
| Reference id | Reference type | URL |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847 | ||
| https://moodle.org/mod/forum/discuss.php?d=384010#p1547742 | ||
| CVE-2019-3847 | https://nvd.nist.gov/vuln/detail/CVE-2019-3847 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:39:03.005985+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3847.yml | 38.6.0 |