Description

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.

Remediation

References

CVE-2013-2082

Related Vulnerabilities

WordPress Plugin Booster for WooCommerce Multiple Cross-Site Scripting Vulnerabilities (5.4.8)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1099)

WordPress Plugin Gigya-Social Infrastructure Cross-Site Scripting (1.1.8)

MySQL CVE-2014-2440 Vulnerability (CVE-2014-2440)

Atlassian Jira Missing Authorization Vulnerability (CVE-2019-20407)

Severity

Medium

Classification

CVE-2013-2082 CWE-264

Tags

Missing Update Known Vulnerabilities