Description

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

Remediation

References

CVE-2016-5014

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25147)

Oracle Application Server Other Vulnerability (CVE-2002-1631)

WordPress Plugin SimpleFlickr Cross-Site Request Forgery (3.0.3)

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427)

WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.1.10)

Severity

Medium

Classification

CVE-2016-5014 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities