ByteOS Network

CVE Vulnerability Details :

CVE-2019-3810

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-25 Mar, 2019 | 00:00

Updated At-04 Aug, 2024 | 19:19

▼CVE Numbering Authority (CNA)

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

Affected Products

Vendor

[UNKNOWN]

Product

moodle

Versions

Affected

3.6.2
3.5.4
3.4.7
3.1.16

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79

Metrics

Version	Base score	Base severity	Vector
3.0	4.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810	N/A
https://moodle.org/mod/forum/discuss.php?d=381230#p1536767	N/A
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372	N/A
http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html	N/A

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810	x_transferred
https://moodle.org/mod/forum/discuss.php?d=381230#p1536767	x_transferred
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372	x_transferred
http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html	x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References