Description

comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

Remediation

References

CVE-2011-4297

Related Vulnerabilities

Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12)

WordPress Plugin Email Subscribers & Newsletters Cross-Site Scripting (3.4.12)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111)

WordPress Plugin Newsletter Meenews 'idnews' Parameter Cross-Site Scripting (5.1.0)

Oracle JRE CVE-2013-5820 Vulnerability (CVE-2013-5820)

Severity

Medium

Classification

CVE-2011-4297 CWE-264

Tags

Missing Update Known Vulnerabilities