Description

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.

Remediation

References

CVE-2013-2082

Related Vulnerabilities

MediaWiki Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2014-2243)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1407)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23214)

WordPress Plugin Weaver Xtreme Theme Support Cross-Site Scripting (6.2.6)

WordPress Plugin BuddyPress Multiple Security Bypass Vulnerabilities (7.2.1)

Severity

Medium

Classification

CVE-2013-2082 CWE-264

Tags

Missing Update Known Vulnerabilities