Description In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. Remediation References CVE-2017-7490 Related Vulnerabilities Zope Web Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-5145) Joomla Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-4104) Oracle JRE CVE-2014-0464 Vulnerability (CVE-2014-0464) Magento CVE-2020-9631 Vulnerability (CVE-2020-9631) FluxBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-9574) Severity Medium Classification CVE-2017-7490 CWE-668 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Tags Missing Update Known Vulnerabilities