CVE-2019-3810
PUBLISHED
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note that this page is not linked to by default and access to it is restricted.
Risk Scores
EPSS Score: 8.38% (92.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | moodle | *, *, * |
| Ubuntu:18.04:LTS | moodle | 3.0.3+dfsg-0ubuntu1, 0 |
Exploit Intelligence
- Moodle (< 3.6.2, < 3.5.4, < 3.4.7, < 3.1.16) XSS PoC for Privilege Escalation (Student to Admin) (github-poc-repo)
- Moodle (< 3.6.2, < 3.5.4, < 3.4.7, < 3.1.16) XSS PoC for Privilege Escalation (Student to Admin) (github-poc)
Timeline
- Jan 21, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Apr 30, 2021 PoC Published
- Apr 30, 2021 EPSS Score
- May 1, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Jul 15, 2022 EPSS Score
- Nov 15, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Dec 17, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-3810 third-party-advisory
- https://moodle.org/mod/forum/discuss.php?d=381230#p1536767 third-party-advisory
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-3810 third-party-advisory