CVE-2019-3810

Description

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected products

Unknown / moodle3.6.2 – 3.6.2
Unknown / moodle3.5.4 – 3.5.4
Unknown / moodle3.4.7 – 3.4.7
Unknown / moodle3.1.16 – 3.1.16

References

MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810
MISChttps://moodle.org/mod/forum/discuss.php?d=381230#p1536767
MISChttp://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372
EXPLOIThttp://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html