Description
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.
Remediation
References
Related Vulnerabilities
Joomla CVE-2021-26031 Vulnerability (CVE-2021-26031)
Oracle Database Server CVE-2008-2602 Vulnerability (CVE-2008-2602)
Internet Information Services Other Vulnerability (CVE-2001-0709)
Oracle Database Server CVE-2012-0519 Vulnerability (CVE-2012-0519)
WordPress Plugin Indeed Job Importer Cross-Site Scripting (1.0.5)