Unknown · Thmmniii/Fbs-Core · CVE-2023-27485
**Name of the Vulnerable Software and Affected Versions**
thmmniii/fbs-core versions prior to 1.5.3
**Description**
thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3, insufficient authorisation on the `subresults` query makes it possible to query `subresults` belonging to other users. This is only possible for logged-in users, and it is not possible to associate the subresults with a specific user.
**Recommendations**
For versions prior to 1.5.3, upgrade to version 1.5.3 or later to resolve the issue. Until the upgrade is applied, consider restricting logged-in users' access to the `subresults` query as a temporary workaround.