Description
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.
Remediation
References