Description

lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.

Remediation

References

CVE-2012-6102

Related Vulnerabilities

WordPress Plugin White Label CMS Cross-Site Request Forgery (1.5)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2750)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36259)

MySQL CVE-2018-3074 Vulnerability (CVE-2018-3074)

WordPress Plugin WP-Live Chat by 3CX Arbitrary File Upload (8.0.31)

Severity

Medium

Classification

CVE-2012-6102 CWE-264

Tags

Missing Update Known Vulnerabilities