CVE-2019-3810

2019-03-2518:29:00

Google

osv.dev

6.4 Medium

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.4%

JSON

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users’ full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

CPENameOperatorVersion
moodleeq3.5.3
moodleeq3.5.0
moodleeq3.4.0
moodleeq3.2.0-rc5
moodleeq3.4.0-rc3
moodleeq3.3.0-rc1
moodleeq3.5.0-rc1
moodleeq3.2.0-rc2
moodleeq3.1.0
moodleeq3.3.0

Name	Operator	Version
moodle	eq	3.5.3
moodle	eq	3.5.0
moodle	eq	3.4.0
moodle	eq	3.2.0-rc5
moodle	eq	3.4.0-rc3
moodle	eq	3.3.0-rc1
moodle	eq	3.5.0-rc1
moodle	eq	3.2.0-rc2
moodle	eq	3.1.0
moodle	eq	3.3.0