Description

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Remediation

References

CVE-2021-20281

Related Vulnerabilities

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7908)

Squid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19131)

WordPress Plugin Store Locator Plus for WordPress Cross-Site Scripting (4.5.10)

e107 Other Vulnerability (CVE-2005-3594)

Drupal Core 6.x Remote Code Execution (6.0 - 6.38)

Severity

Medium

Classification

CVE-2021-20281 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities