Platform: php
Component: totara-lms
Fixed in
13.0.1 through 13.45.1
14.0.1 through 14.37.1
15.0.1 through 15.32.1
16.0.1 through 16.26.1
17.0.1 through 17.20.1
18.0.1 through 18.7.1
CVE-2024-3931 is a cross-site scripting (XSS) vulnerability affecting Totara LMS versions 13.0 through 18.7. This vulnerability allows attackers to inject malicious scripts into the application, potentially leading to session hijacking or defacement. The issue resides within the admin/roles/check.php file, specifically in the handling of the ID Number argument. Affected users should upgrade to a patched version to mitigate this risk.
Successful exploitation of CVE-2024-3931 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Totara LMS platform. This can lead to various malicious outcomes, including stealing user credentials (session hijacking), redirecting users to phishing sites, or modifying the appearance of the LMS to deceive users. The remote nature of the vulnerability means an attacker does not need to be authenticated to exploit it, significantly expanding the potential attack surface. The impact is amplified if the LMS is used for sensitive training or contains Personally Identifiable Information (PII).
CVE-2024-3931 has been publicly disclosed, and a proof-of-concept may be available. The vulnerability's LOW CVSS score suggests a relatively low level of technical difficulty to exploit. As of the writing of this document, there is no indication of active exploitation campaigns targeting this vulnerability. The vulnerability was published on 2024-04-18.
Organizations using Totara LMS for learning management, particularly those with publicly accessible LMS portals or those who allow external users to interact with the system, are at risk. Environments with legacy configurations or those that haven't implemented robust security practices are also more vulnerable.
• php: Examine web server access logs for requests to admin/roles/check.php with unusual or malformed ID Number parameters. Use grep to search for patterns indicative of XSS payloads (e.g., <script>, javascript:, onerror=).
grep -iE 'script|javascript|onerror' /var/log/apache2/access.log | grep 'admin/roles/check.php'
EPSS: 0.10% (27th percentile)
The primary mitigation for CVE-2024-3931 is to upgrade Totara LMS to a patched version: 13.46, 14.38, 15.33, 16.27, 17.21, or 18.8. Before upgrading, it's crucial to back up your Totara LMS database and configuration files. If a direct upgrade is not feasible due to compatibility issues, consider rolling back to a previous, known-stable version if possible. While a WAF might offer some protection, it is not a substitute for patching. Monitor web application logs for suspicious activity, particularly requests targeting the admin/roles/check.php endpoint with unusual parameters. After upgrading, confirm the vulnerability is resolved by attempting a test XSS payload in the affected area.
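The log review suggested in the detection note above and in the monitoring advice of the mitigation paragraph, as an added example that is not from this page or from Totara: it parses Apache combined-format lines, keeps only requests to admin/roles/check.php, URL-decodes each query parameter repeatedly (a single grep over the raw log misses percent-encoded payloads) and flags the advisory's indicators, widening onerror= to any on*= handler. The log lines, IPs and parameter names are constructed; the page does not name the vulnerable parameter, so every parameter is inspected.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache combined-format log lines (placeholder IPs and parameter names, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [18/Apr/2024:10:01:02 +0000] "GET /admin/roles/check.php?contextid=1&search=alice HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Apr/2024:10:02:15 +0000] "GET /admin/roles/check.php?contextid=1&search=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5200 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Apr/2024:10:03:40 +0000] "GET /course/view.php?id=2&name=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E HTTP/1.1" 200 800 "-" "Mozilla/5.0"
198.51.100.2 - - [18/Apr/2024:10:04:01 +0000] "GET /admin/roles/check.php?contextid=1&search=%25%33%43script%25%33%45 HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Indicators from the advisory (<script>, javascript:, onerror=), with onerror= widened to any on*= handler.
XSS_RE = re.compile(r"<\s*script|javascript\s*:|\bon[a-z]+\s*=", re.I)
TARGET_PATH = "admin/roles/check.php"  # endpoint named in the advisory

def fully_decode(value, max_rounds=3):
    """URL-decode until the value stops changing (bounded), so %25%33%43... cannot hide a '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return (name, decoded value) pairs for query parameters on the affected endpoint that look like XSS."""
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_PATH):
        return []
    hits = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):  # parse_qsl already decodes once
        decoded = fully_decode(raw)
        if XSS_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan_log(text):
    """Return one finding per request to admin/roles/check.php whose parameters match an XSS indicator."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hits = suspicious_params(m.group("target"))
        if hits:
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"), "params": hits})
    return findings
```

Running `scan_log(SAMPLE_LOG)` reports the plainly encoded and the double-encoded requests to check.php and ignores the course page hit, which only the path filter excludes; drop the path check to sweep the whole log.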
Update Totara LMS to version 13.46, 14.38, 15.33, 16.27, 17.21 or 18.8, or a later version. This fixes the cross-site scripting (XSS) vulnerability in the user selector component.
CVE-2024-3931 is a cross-site scripting (XSS) vulnerability in Totara LMS versions 13.0–18.7, allowing attackers to inject malicious scripts via the admin/roles/check.php file.
If you are using Totara LMS versions 13.0 through 18.7, you are potentially affected by this vulnerability. Upgrade to a patched version to mitigate the risk.
Upgrade Totara LMS to version 13.46, 14.38, 15.33, 16.27, 17.21, or 18.8. Back up your data before upgrading.
As of the current date, there is no confirmed evidence of active exploitation, but the vulnerability is publicly disclosed and a PoC may be available.
Refer to the official Totara LMS security advisory for detailed information and updates: [https://totaralms.com/security/](https://totaralms.com/security/)