Description

mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document.

Remediation

References

CVE-2013-2243

Related Vulnerabilities

Mailman Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-0618)

Jboss EAP Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-3642)

WordPress Plugin Floating Social Bar Cross-Site Scripting (1.1.5)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0212)

WordPress Plugin Google Alert And Twitter Multiple Vulnerabilities (3.1.5)

Severity

Medium

Classification

CVE-2013-2243 CWE-200

Tags

Missing Update Known Vulnerabilities