Description

rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.

Remediation

References

CVE-2013-2245

Related Vulnerabilities

WordPress Plugin BuddyPress Members Only Cross-Site Scripting (1.8.3)

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9786)

WordPress Plugin W4 Post List Cross-Site Scripting (2.4.4)

Jboss EAP Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2019-10174)

WordPress Plugin Simple Slider 'New Image' Field Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2013-2245 CWE-287

Tags

Missing Update Known Vulnerabilities