Description
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header.
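An added example, not code from PHPMailer or Moodle: a check an application can run on From: and Sender: values before handing them to any mailer. It assumes the crafted values rely on embedded CR/LF line breaks, the usual mechanism for e-mail header injection, which the description above does not spell out. The function names and sample addresses are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true only if $value fits on one header line,
// i.e. it contains no CR, LF, NUL or other control characters.
function is_single_line_header_value(string $value): bool
{
    // preg_match returns 0 on "no match"; anything else (match or error) fails closed.
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// Hypothetical helper: validate an address destined for From: or Sender:.
// Throws instead of silently stripping, so the caller can log the attempt.
function validate_envelope_address(string $field, string $address): string
{
    if (!is_single_line_header_value($address)) {
        throw new InvalidArgumentException("$field contains control characters");
    }
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("$field is not a valid e-mail address");
    }
    return $address;
}

// Constructed sample inputs: one clean value, two carrying a line break
// followed by an extra header line, one that is simply malformed.
$samples = [
    ['From',   'teacher@example.org'],
    ['Sender', "noreply@example.org\r\nX-Injected: 1"],
    ['From',   "user@example.org\nX-Injected: 1"],
    ['Sender', 'not-an-address'],
];

foreach ($samples as [$field, $value]) {
    // json_encode escapes control characters so the log line itself stays single-line.
    $shown = json_encode($value);
    try {
        validate_envelope_address($field, $value);
        printf("%-6s accepted %s\n", $field, $shown);
    } catch (InvalidArgumentException $e) {
        printf("%-6s rejected %s (%s)\n", $field, $shown, $e->getMessage());
    }
}
```

Rejecting the value, rather than stripping the line break and sending anyway, leaves a record of the attempt for whoever reviews the application log.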
Remediation
References