8 matches found
Mageia: Security Advisory (MGASA-2015-0229)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moodle 2.8.x < 2.8.6 Multiple Vulnerabilities
Binary data 9425.prm...
Fedora 23 : moodle-2.9.1-1.fc23 (2015-14987)
moodle-2.9.1-1.fc23 - 2.9.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora 22 : moodle-2.8.7-1.fc22 (2015-14988)
moodle-2.8.7-1.fc22 - Latest upstream release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 21 : moodle-2.7.9-1.fc21 (2015-14996)
moodle-2.7.9-1.fc21 - 2.7.9. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
CVE-2015-3174
mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted gradebook feedback during manual quiz grading...
CVE-2015-3174
The vulnerability CVE-2015-3174 affects Moodle’s mod/quiz/db/access.php across several branches (up to Moodle 2.5.9; 2.6.x before 2.6.11; 2.7.x before 2.7.8; 2.8.x before 2.8.6). The issue is that the grader’s RISK_XSS flag is not set, enabling remote authenticated users to perform cross-site scr...
Updated moodle packages fix security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.11, leaving gradebook feedback is a trusted action and such capabilities in other modules already have an XSS mask, 'mod/quiz:grade' was missing this flag CVE-2015-3174. In Moodle before 2.6.11, some error messages displa...