Description

mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.

Remediation

References

CVE-2009-4299

Related Vulnerabilities

WordPress Plugin Yoast SEO Cross-Site Scripting (3.2.5)

silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4968)

WordPress Plugin Shortcode Redirect 'domain' Parameter Cross-Site Scripting (1.0.01)

WordPress Plugin eHive Object Details Cross-Site Scripting (2.1.6)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3715)

Severity

Medium

Classification

CVE-2009-4299 CWE-264

Tags

Missing Update Known Vulnerabilities