Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.4.7

Type composer

Namespace moodle

Name moodle

Version 3.4.7

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.4.9

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-336n-hpzg-euhd

vulnerability_id VCID-336n-hpzg-euhd

summary

Cross-site Scripting
The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3808

reference_id

reference_type

scores

value	0.00173
scoring_system	epss
scoring_elements	0.38478
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3808

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/6360f87cdca744a6a71c315853f6d811a3e54e26

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/6360f87cdca744a6a71c315853f6d811a3e54e26

reference_url

https://moodle.org/mod/forum/discuss.php?d=381228#p1536765

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=381228#p1536765

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3808

reference_id

CVE-2019-3808

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3808

fixed_packages

url	pkg:composer/moodle/moodle@3.1.16
purl	pkg:composer/moodle/moodle@3.1.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16

url	pkg:composer/moodle/moodle@3.4.7
purl	pkg:composer/moodle/moodle@3.4.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7

url	pkg:composer/moodle/moodle@3.5.4
purl	pkg:composer/moodle/moodle@3.5.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4

url	pkg:composer/moodle/moodle@3.6.2
purl	pkg:composer/moodle/moodle@3.6.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2

aliases CVE-2019-3808, GHSA-4r2p-wpv5-683w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd

url VCID-k73h-z6j8-gkgz

vulnerability_id VCID-k73h-z6j8-gkgz

summary

Information Exposure
The `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372

reference_url

http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3810

reference_id

reference_type

scores

value	0.08385
scoring_system	epss
scoring_elements	0.92457
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3810

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=381230#p1536767

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=381230#p1536767

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3810

reference_id

CVE-2019-3810

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3810

fixed_packages

url pkg:composer/moodle/moodle@3.1.15

purl pkg:composer/moodle/moodle@3.1.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-k73h-z6j8-gkgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.15

url	pkg:composer/moodle/moodle@3.1.16
purl	pkg:composer/moodle/moodle@3.1.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16

url pkg:composer/moodle/moodle@3.4.6

purl pkg:composer/moodle/moodle@3.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-k73h-z6j8-gkgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.6

url	pkg:composer/moodle/moodle@3.4.7
purl	pkg:composer/moodle/moodle@3.4.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7

url pkg:composer/moodle/moodle@3.5.3

purl pkg:composer/moodle/moodle@3.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-k73h-z6j8-gkgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.3

url	pkg:composer/moodle/moodle@3.5.4
purl	pkg:composer/moodle/moodle@3.5.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4

url pkg:composer/moodle/moodle@3.6.1

purl pkg:composer/moodle/moodle@3.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-k73h-z6j8-gkgz

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.1

url	pkg:composer/moodle/moodle@3.6.2
purl	pkg:composer/moodle/moodle@3.6.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2

aliases CVE-2019-3810, GHSA-wm4w-8vc6-2j4h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7

Package Instance