Description

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

Remediation

References

CVE-2023-5545

Related Vulnerabilities

Sqlite Divide By Zero Vulnerability (CVE-2019-16168)

MySQL CVE-2013-5882 Vulnerability (CVE-2013-5882)

Drupal Core 5.x Multiple Cross-Site Request Forgery Vulnerabilities (5.0 - 5.1)

WordPress 3.9.x Cross-Site Request Forgery (3.9 - 3.9.26)

WordPress Plugin My WordPress Login Logo Multiple Unspecified Vulnerabilities (2.1)

Severity

Medium

Classification

CVE-2023-5545 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities