Description

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

Remediation

References

CVE-2015-3177

Related Vulnerabilities

WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42628)

XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)

Nginx Improper Encoding or Escaping of Output Vulnerability (CVE-2013-4547)

MyBB Improper Privilege Management Vulnerability (CVE-2018-1000503)

Severity

Low

Classification

CVE-2015-3177

Tags

Missing Update Known Vulnerabilities