In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Moodle | Moodle | 2.9.6 | 2.9.6 |
| Moodle | Moodle | 2.8.3 | 2.8.3 |
| Moodle | Moodle | 2.8.7 | 2.8.7 |
| Moodle | Moodle | 2.9.4 | 2.9.4 |
| Moodle | Moodle | 3.1.0 | 3.1.0 |
| Moodle | Moodle | 2.8.9 | 2.8.9 |
| Moodle | Moodle | 2.8.10 | 2.8.10 |
| Moodle | Moodle | 2.8.4 | 2.8.4 |
| Moodle | Moodle | 2.8.6 | 2.8.6 |
| Moodle | Moodle | 3.0.4 | 3.0.4 |
| Moodle | Moodle | 3.0.2 | 3.0.2 |
| Moodle | Moodle | 2.8.12 | 2.8.12 |
| Moodle | Moodle | 3.0.1 | 3.0.1 |
| Moodle | Moodle | 2.8.8 | 2.8.8 |
| Moodle | Moodle | 3.0.0 | 3.0.0 |
| Moodle | Moodle | 2.9.1 | 2.9.1 |
| Moodle | Moodle | 2.8.1 | 2.8.1 |
| Moodle | Moodle | 2.9.5 | 2.9.5 |
| Moodle | Moodle | 2.8.11 | 2.8.11 |
| Moodle | Moodle | * | 2.7.14 |
| Moodle | Moodle | 2.8.5 | 2.8.5 |
| Moodle | Moodle | 3.0.3 | 3.0.3 |
| Moodle | Moodle | 2.9.2 | 2.9.2 |
| Moodle | Moodle | 2.9.3 | 2.9.3 |
| Moodle | Moodle | 2.8.2 | 2.8.2 |
| Moodle | Moodle | 2.8.0 | 2.8.0 |
| Moodle | Moodle | 2.9.0 | 2.9.0 |