4 matches found
BIT-MOODLE-2024-34000 moodle: stored XSS in lesson overview report via user ID number
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk...
CVE-2022-30354
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers...
CVE-2022-30354
OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers...
CVE-2022-30354
OvalEdge 5.2.8.0 and earlier suffers a Sensitive Data Exposure via a GET to /user/getUserWithTeam, requiring authentication. The vulnerability discloses data associated with all registered user IDs. Affected component/endpoint: /user/getUserWithTeam. Root cause is exposure of user data through an...