moodle -- multiple vulnerabilities

2016-03-21T00:00:00
ID A430E15D-F93F-11E5-92CE-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2016-03-21T00:00:00

Description

Marina Glancy reports:

MSA-16-0003: Incorrect capability check when displaying users emails in Participants list MSA-16-0004: XSS from profile fields from external db

MSA-16-0005: Reflected XSS in mod_data advanced search

MSA-16-0006: Hidden courses are shown to students in Event Monitor MSA-16-0007: Non-Editing Instructor role can edit exclude checkbox in Single View MSA-16-0008: External function get_calendar_events return events that pertains to hidden activities MSA-16-0009: CSRF in Assignment plugin management page

MSA-16-0010: Enumeration of category details possible without authentication MSA-16-0011: Add no referrer to links with _blank target attribute MSA-16-0012: External function mod_assign_save_submission does not check due dates