Description
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
Remediation
References
Related Vulnerabilities
WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2)
IBM RTC CVE-2018-1694 Vulnerability (CVE-2018-1694)
CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038)
WordPress Plugin My Calendar Cross-Site Scripting (2.3.28)
phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5227)