Description In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. Remediation References CVE-2016-8642 Related Vulnerabilities Drupal Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2022-29248) WordPress Plugin WOOCS-Currency Switcher for WooCommerce Professional Cross-Site Scripting (1.3.7.2) Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1045) WordPress Plugin Hana Flv Player Cross-Site Scripting (3.1.3) MySQL CVE-2018-3278 Vulnerability (CVE-2018-3278) Severity Medium Classification CVE-2016-8642 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Tags Missing Update Known Vulnerabilities