CVE-2019-3810

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-3810

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3810.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-3810

Aliases

GHSA-wm4w-8vc6-2j4h

Downstream

UBUNTU-CVE-2019-3810

Published

2019-03-25T18:29:00.807Z

Modified

2026-04-11T19:42:17.393034Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

268abfacc54c4cbf9722c1502569b311c7caefff

Last affected

da70ec0cca362afc183ee4c3d00f08f4e99116ec

Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Last affected

d1e834866e37353bdd82bd8bb92fb26a39f39117

Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Last affected

789dcd6975004dfaa2d4d3086267fb29cba84da8

Introduced

cb628a9a08933c2a9f1eae2f3be70ea5d343b419

Last affected

d09dc52b0a9e229b75d760368b225132841cbd42

Database specific

{
    "cpe": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.15"
        },
        {
            "introduced": "3.4.0"
        },
        {
            "last_affected": "3.4.6"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "last_affected": "3.5.3"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "last_affected": "3.6.1"
        }
    ]
}

Affected versions

v3.*

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.12

v3.1.13

v3.1.14

v3.1.15

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.6.0

v3.6.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3810.json"