Description

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Remediation

References

CVE-2021-20281

Related Vulnerabilities

WordPress Plugin Notification-Custom Notifications and Alerts for WordPress Cross-Site Scripting (7.2.4)

WordPress Plugin ZdStatistics Cross-Site Scripting (2.0.1)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

WordPress Plugin Premmerce Product Filter for WooCommerce Security Bypass (3.1.2)

WordPress 4.2.x Same Origin Method Execution (SOME) Vulnerability (4.2 - 4.2.7)

Severity

Medium

Classification

CVE-2021-20281 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities