5 matches found
CVE-2015-3274
Cross-site scripting XSS vulnerability in the usergetuserdetails function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an externalformattext call in ...
CVE-2015-3274
The CVE covers a cross-site scripting (XSS) vulnerability in Moodle identified as CVE-2015-3274. The issue resides in the user_get_user_details function in user/lib.php and is exploitable via web services due to the absence of an external_format_text call. Affected Moodle versions are: 2.6.11 and...
Fedora 21 : moodle-2.7.9-1.fc21 (2015-14996)
moodle-2.7.9-1.fc21 - 2.7.9. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
Fedora 22 : moodle-2.8.7-1.fc22 (2015-14988)
moodle-2.8.7-1.fc22 - Latest upstream release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-15-0026: Possible phishing when redirecting to external site using referer header. CVE-2015-3272 MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum CVE-2015-3273 MSA-15-0028: Possible XSS through custom...