MSA-19-0003: User full name is not escaped in the un-linked userpix page
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
von Michael Hawkins. The /userpix/ page did not escape users full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.Severity/Risk:MinorVersions affected:3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versionsVersions fixed:3.6.2, 3.5.4, 3.4.7 and 3.1.16Reported by:Fariskhi VidyanCVE identifier:CVE-2019-3810Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=381230&parent=1536767 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2019-3810. |