Description
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Catch Import Export Security Bypass (1.8)
WordPress Plugin AdRotate-Ad manager & AdSense Ads 'adrotate-out.php' SQL Injection (3.6.6)
WordPress Plugin Facebook Members Cross-Site Scripting (7.0)
WordPress Plugin Ultimate Affiliate Pro Multiple Cross-Site Scripting Vulnerabilities (3.6)