Description

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

Remediation

References

CVE-2010-1617

Related Vulnerabilities

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)

WordPress Plugin Open Graph for Facebook, Google+ and Twitter Card Tags Cross-Site Scripting (2.2.4)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll SQL Injection (1.1.91)

TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2010-3669)

TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-26228)

Severity

Medium

Classification

CVE-2010-1617 CWE-264

Tags

Missing Update Known Vulnerabilities