Description

Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.

Remediation

References

CVE-2011-4593

Related Vulnerabilities

MySQL CVE-2021-2278 Vulnerability (CVE-2021-2278)

WordPress Plugin Twitter Friends Widget Cross-Site Scripting (3.1)

WordPress Plugin Blogstand Banner Cross-Site Scripting (1.0)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35478)

Mailman Other Vulnerability (CVE-2004-0412)

Severity

Medium

Classification

CVE-2011-4593 CWE-200

Tags

Missing Update Known Vulnerabilities