Description
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device.
Remediation
References
Related Vulnerabilities
PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2016-5424)
WordPress Plugin Blue Wrench Video Widget Cross-Site Scripting (2.1.0)
Apache Tomcat version older than 6.0.16
WordPress Plugin SEO Redirection-301 Redirect Manager Unspecified Vulnerability (8.7)
WordPress Plugin Role Scoper Unspecified Vulnerability (1.4.1)