Marina Glancy

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** A security issue allows users to discover tags that are not expected to be visible to them. This can occur through the tag search page or in the tags block. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified) Description: A flaw was found in the cURL wrapper in Moodle, which strips HTTPAUTH and USERPWD headers during emulated redirects but retains other original request headers. This could lead to HTTP authorization header information being unintentionally sent in requests to redirect URLs, potentially allowing a remote attacker to gain unauthorized access to protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle (affected versions not specified) **Description** The issue is related to the ID numbers displayed in the web service token list in Moodle, which required additional sanitizing to prevent a stored XSS risk. This could allow a remote attacker to perform cross-site scripting attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 3.5.1 Moodle versions prior to 3.4.4 Moodle versions prior to 3.3.7 Moodle versions prior to 3.1.13 **Description** A flaw was found that allows the core course get categories web service to return hidden categories, which should be omitted when fetching course categories. **Recommendations** For versions prior to 3.5.1, update to version 3.5.1 or later. For versions prior to 3.4.4, update to version 3.4.4 or later. For versions prior to 3.3.7, update to version 3.3.7 or later. For versions prior to 3.1.13, update to version 3.1.13 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.11 and earlier, 2.7.x before 2.7.11, 2.8.x before 2.8.9, 2.9.x before 2.9.3 **Description** The issue is related to insufficient access control in the system, allowing remote authenticated users to obtain sensitive badge information. This can be achieved via a request involving "badges/overview.php" or "badges/view.php". The problem arises because the system does not consider the moodle/badges:viewbadges capability. **Recommendations** For versions 2.6.11 and earlier, update to a version later than 2.6.11 to resolve the issue. For 2.7.x versions before 2.7.11, update to version 2.7.11 or later. For 2.8.x versions before 2.8.9, update to version 2.8.9 or later. For 2.9.x versions before 2.9.3, update to version 2.9.3 or later. As a temporary workaround, consider restricting access to the `badges/overview.php` and `badges/view.php` API endpoints until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.11 and earlier, 2.7.x before 2.7.10, 2.8.x before 2.8.8, 2.9.x before 2.9.2 **Description** The issue exists due to insufficient protection of the web page structure in the group/overview.php function of the Moodle learning management system. This allows a remote attacker to inject arbitrary web or HTML code by modifying the grouping description, potentially leading to cross-site scripting (XSS). **Recommendations** For versions 2.6.11 and earlier, update to version 2.6.12 or later. For versions 2.7.x before 2.7.10, update to version 2.7.10 or later. For versions 2.8.x before 2.8.8, update to version 2.8.8 or later. For versions 2.9.x before 2.9.2, update to version 2.9.2 or later. As a temporary workaround, consider restricting access to the `group/overview.php` page until a patch is available. Avoid using modified grouping descriptions in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.11 and earlier, 2.7.x through 2.7.8, 2.8.x through 2.8.6, 2.9.x through 2.9.0 **Description** A cross-site scripting (XSS) issue exists due to the absence of an external format text call in a web service, allowing remote attackers to inject arbitrary web script or HTML. This is related to the user get user details function in user/lib.php. **Recommendations** For versions 2.6.11 and earlier, update to version 2.7.9 or later. For versions 2.7.x through 2.7.8, update to version 2.7.9 or later. For versions 2.8.x through 2.8.6, update to version 2.8.7 or later. For versions 2.9.x through 2.9.0, update to version 2.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.5.10 Moodle versions 2.6.x through 2.6.10 Moodle versions 2.7.x through 2.7.7 Moodle versions 2.8.x through 2.8.5 **Description** The issue is related to insufficient access control in the login/confirm.php component of the Moodle learning management system. This can be exploited by a remote attacker to bypass login restrictions by accessing the system using a suspended account. **Recommendations** For Moodle versions prior to 2.5.10, update to version 2.5.10 or later. For Moodle versions 2.6.x through 2.6.10, update to version 2.6.11 or later. For Moodle versions 2.7.x through 2.7.7, update to version 2.7.8 or later. For Moodle versions 2.8.x through 2.8.5, update to version 2.8.6 or later.

**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.0 through 2.6.2 **Description** The issue allows remote attackers to obtain sensitive information about hidden courses by visiting a crafted URL, leveraging the guest role. This is due to the failure of enrol/index.php to check for the moodle/course:viewhiddencourses capability before listing hidden courses. **Recommendations** For Moodle versions 2.6.0 through 2.6.2, update to version 2.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the enrol/index.php page for guest users until the update is applied.