Description Authenticated users were able to enumerate other users' names via the learning plans page. Remediation References CVE-2023-28334 Related Vulnerabilities Oracle JRE CVE-2013-2473 Vulnerability (CVE-2013-2473) WordPress Improper Input Validation Vulnerability (CVE-2013-4339) WordPress Plugin Zita Elementor Site Library Arbitrary File Upload (1.6.1) YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2885) MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23179) Severity Medium Classification CVE-2023-28334 CWE-639 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities