Security and privacy

Background info to / clarification on CVE-2017-7298?

 
Picture of Temp Account
Background info to / clarification on CVE-2017-7298?
 

Hi *,


since quite some time a XSS in the "Add a new course" seems to be published / registered via the following CVE:


https://nvd.nist.gov/vuln/detail/CVE-2017-7298


To me it looks like this is matching the "XSS" FAQ available here:


https://docs.moodle.org/30/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle


Still it could make sense to clarify your view on this with the researcher:


http://www.daimacn.com/index.php/post/12.html


or mitre:


https://cveform.mitre.org/


to get this CVE corrected / updated. Thanks

 
Average of ratings: -