Description

Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.

Remediation

References

CVE-2011-4284

Related Vulnerabilities

WordPress Plugin mywebcounter Cross-Site Scripting (1.1)

Django Resource Management Errors Vulnerability (CVE-2015-0221)

WordPress Plugin Save Contact Form 7 Information Disclosure (2.0)

WordPress Plugin Konnichiwa! Membership Cross-Site Scripting (0.8.3)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3891)

Severity

Medium

Classification

CVE-2011-4284 CWE-200

Tags

Missing Update Known Vulnerabilities