Description

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.

Remediation

References

CVE-2012-2354

Related Vulnerabilities

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cloaking (2.2.9)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18098)

IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4697)

WordPress Plugin Google AdSense Click-Fraud Monitoring Cross-Site Scripting (1.8.6)

PHP Numeric Errors Vulnerability (CVE-2006-4486)

Severity

Medium

Classification

CVE-2012-2354 CWE-264

Tags

Missing Update Known Vulnerabilities