Description

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

Remediation

References

CVE-2021-43560

Related Vulnerabilities

WordPress Plugin Schema App Structured Data Unspecified Vulnerability (0.5.4)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43706)

WordPress Plugin WooCommerce Instamojo Cross-Site Scripting (0.0.6)

Atlassian Jira CVE-2019-11583 Vulnerability (CVE-2019-11583)

WordPress Plugin Testimonial Rotator Cross-Site Scripting (3.0.2)

Severity

Medium

Classification

CVE-2021-43560 CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities