|
|
Log in / Subscribe / Register

moodle: multiple vulnerabilities

Package(s):moodle CVE #(s):CVE-2013-2242 CVE-2013-2243 CVE-2013-2244 CVE-2013-2245 CVE-2013-2246
Created:July 22, 2013 Updated:July 31, 2013
Description: From the Mageia advisory:

Users were able to access a daemon-mode Chat activity in Moodle before 2.4.5 without the required capability (CVE-2013-2242).

It was possible to determine answers from ID values in Lesson activity matching questions in Moodle before 2.4.5 (CVE-2013-2243).

Conditional access rule values for user fields were able to contain unescaped HTML/JS that would be output to users in Moodle before 2.4.5 (CVE-2013-2244).

When impersonating another user using RSS tokens in Moodle before 2.4.5, an error was displayed, but block information relevant to the person being impersonated was shown (CVE-2013-2245).

The Feedback module in Moodle before 2.4.5 was showing personal information to users without the needed capability (CVE-2013-2246).

Alerts:
Fedora FEDORA-2013-13252 moodle 2013-07-30
Fedora FEDORA-2013-12964 moodle 2013-07-23
Fedora FEDORA-2013-12950 moodle 2013-07-23
Mageia MGASA-2013-0217 moodle 2013-07-21
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds