Description

The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.

Remediation

References

CVE-2021-32477

Related Vulnerabilities

WordPress Plugin Contact Form Email Cross-Site Scripting (1.3.24)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-19846)

CrushFTP Server Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795)

WordPress Plugin Delete Comments By Status Multiple Cross-Site Scripting Vulnerabilities (1.5.2)

WordPress Plugin Testimonial WordPress-AP Custom Testimonial includes Backdoor [Only if downloaded via the vendor website] (1.4.6)

Severity

Medium

Classification

CVE-2021-32477 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities