5 matches found
GHSA-WM4W-8VC6-2J4H Moodle XSS Vulnerability
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its acces...
UBUNTU-CVE-2019-3810
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its acces...
CVE-2019-3810
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its acces...
PT-2019-16736 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.1 to 3.1.15; Moodle versions 3.4 to 3.4.6; Moodle versions 3.5 to 3.5.3; Moodle versions 3.6 to 3.6.1. Description: A flaw was found in the software where the /userpix/ page did not properly escape users' full names. These names...
CVE-2019-3810
CVE-2019-3810 affects Moodle up to versions 3.6.1, 3.5.x, 3.4.x, and 3.1.x (and older unsupported versions), where the /userpix/ page did not escape users’ full names, enabling text-based cross-site scripting payloads on hover. The issue is documented as an XSS vulnerability with PoC activity and has been...