MSA-17-0017: XSS in contact form on "non-respondents" page in non-anonymous feedback Form on the feedback "non-respondents" page does not escape the value of subject thus creating self-XSS. This can be used to attack another user by tricking them into opening malicious URL whilst in an open Moodle session https://moodle.org/mod/forum/discuss.php?d=358585 MSA-17-0018: Course reports are not respecting group settings in courses Number of course reports allowed teachers to view details about users in the groups they can't access https://moodle.org/mod/forum/discuss.php?d=358586
Created moodle tracking bugs for this issue: Affects: epel-all [bug 1493515] Affects: fedora-all [bug 1493516]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.