Filtered by vendor Moodle
Subscriptions
Filtered by product Moodle
Subscriptions
Total
542 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-0725 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-05 | N/A |
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. | ||||
CVE-2016-0724 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-05 | N/A |
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. | ||||
CVE-2017-15110 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. | ||||
CVE-2017-12156 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | ||||
CVE-2017-12157 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | ||||
CVE-2017-7531 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.3, the course overview block reveals activities in hidden courses. | ||||
CVE-2017-7532 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.x, course creators are able to change system default settings for courses. | ||||
CVE-2017-7491 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | ||||
CVE-2017-7489 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | ||||
CVE-2017-7490 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | ||||
CVE-2017-7298 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | ||||
CVE-2017-2642 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
Moodle 3.x has user fullname disclosure on the user preferences page. | ||||
CVE-2017-2645 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. | ||||
CVE-2017-2641 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | ||||
CVE-2017-2643 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.2.x, global search displays user names for unauthenticated users. | ||||
CVE-2017-2644 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.x, XSS can occur via evidence of prior learning. | ||||
CVE-2017-2576 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | ||||
CVE-2017-2578 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
In Moodle 3.x, there is XSS in the assignment submission page. | ||||
CVE-2018-16854 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. | ||||
CVE-2018-14631 | 1 Moodle | 1 Moodle | 2024-08-05 | N/A |
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. |