Filtered by vendor Moodle Subscriptions
Filtered by product Moodle Subscriptions
Total 542 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-0725 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-05 N/A
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.
CVE-2016-0724 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-05 N/A
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.
CVE-2017-15110 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
CVE-2017-12156 1 Moodle 1 Moodle 2024-08-05 N/A
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
CVE-2017-12157 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
CVE-2017-7531 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.3, the course overview block reveals activities in hidden courses.
CVE-2017-7532 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.x, course creators are able to change system default settings for courses.
CVE-2017-7491 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
CVE-2017-7489 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
CVE-2017-7490 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
CVE-2017-7298 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.
CVE-2017-2642 1 Moodle 1 Moodle 2024-08-05 N/A
Moodle 3.x has user fullname disclosure on the user preferences page.
CVE-2017-2645 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
CVE-2017-2641 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
CVE-2017-2643 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.2.x, global search displays user names for unauthenticated users.
CVE-2017-2644 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.x, XSS can occur via evidence of prior learning.
CVE-2017-2576 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVE-2017-2578 1 Moodle 1 Moodle 2024-08-05 N/A
In Moodle 3.x, there is XSS in the assignment submission page.
CVE-2018-16854 1 Moodle 1 Moodle 2024-08-05 N/A
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
CVE-2018-14631 1 Moodle 1 Moodle 2024-08-05 N/A
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.