| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. |
| SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. |
| Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. |
| Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors. |
| Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. |
| Incorrect CSRF token checks resulted in multiple CSRF risks. |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. |
| In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. |
| In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. |
| In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. |
| In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. |
| In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. |
| In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. |
| In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. |
| In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. |
