{"url":"http://public2.vulnerablecode.io/api/packages/57640?format=json","purl":"pkg:composer/moodle/moodle@3.6.1","type":"composer","namespace":"moodle","name":"moodle","version":"3.6.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.6.2","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40837?format=json","vulnerability_id":"VCID-336n-hpzg-euhd","summary":"Cross-site Scripting\nThe 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=381228#p1536765","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=381228#p1536765"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3808","reference_id":"CVE-2019-3808","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3808"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57643?format=json","purl":"pkg:composer/moodle/moodle@3.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2"}],"aliases":["CVE-2019-3808"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40834?format=json","vulnerability_id":"VCID-k73h-z6j8-gkgz","summary":"Information Exposure\nThe `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=381230#p1536767","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=381230#p1536767"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3810","reference_id":"CVE-2019-3810","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3810"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57643?format=json","purl":"pkg:composer/moodle/moodle@3.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2"}],"aliases":["CVE-2019-3810"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.1"}