Moodle 2.6.x < 2.6.11 / 2.7.x < 2.7.8 Multiple Vulnerabilities

Binary data 9426.prm...

goedkoopstespeelgoedwinkel.nl XSS vulnerability

Vulnerable URL: http://www.goedkoopstespeelgoedwinkel.nl/zoeken.php?sq=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2703389 VIP website status:| No Check...

fusacq.com XSS vulnerability

Vulnerable URL: http://www.fusacq.com/search-cession-entreprise?motscles=%22%3E%3Csvg/onload=alert%28/XSSPOSED/%29%3Emoins=1=0pays=0region=0secteuractivite=0respage=10=1recherche=3=21 Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 08:39 GMT...

mcm.fr XSS vulnerability

Vulnerable URL: http://www.mcm.fr/search/home/actu/?q=%22%3E%3Cscript%3Ealert%28%27XSSPOSED%27%29;%3C/script%3E Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 17:55 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...

cleanvideosearch.com XSS vulnerability

Vulnerable URL: http://www.cleanvideosearch.com/media/action/yt/search?button=Search==-1=1=0=false==%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E=9 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:|...

indonesiayp.com XSS vulnerability

Vulnerable URL: http://www.indonesiayp.com/browse-business-cities/char:A" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 461138 Google Pagerank| 3 VIP website status:| No Check...

tce.mg.gov.br XSS vulnerability

Vulnerable URL: http://www.tce.mg.gov.br/projetocontas/index.shtml!prettyPhotoiframes//0,%3Cimg%20src=x%20onerror=alert%28/XSSPOSED/%29%3E/ Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 12:21 GMT Vulnerability type:| XSS Vulnerability status:...

Cross site scripting

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted gradebook feedback during manual quiz grading...

UBUNTU-CVE-2015-3174

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted gradebook feedback during manual quiz grading...

Moodle 'mod/quiz:grade' cross-site scripting vulnerability

Moodle is an open source web-based teaching and learning application. A cross-site scripting vulnerability exists in Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9 due to a failure of the Quiz manual-grading feature to be implemented correctly, which allows remote attackers to conduct a...

CVE-2014-3551

Multiple cross-site scripting XSS vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1...

CVE-2014-3551

CVE-2014-3551 affects Moodle multiple versions of the advanced-grading rubric component. Vulnerable in 2.3.x up to 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1. Description: XSS via crafted (1) qualification or (2) rating fields in a rubric, exploita...

CVE-2014-3551

Multiple cross-site scripting XSS vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1...

CVE-2014-0213

Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

CVE-2014-0213

Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

Adobe SpeedGrade Installed

Adobe SpeedGrade, a color grading application, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62692; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/01/31"; scriptnameenglish:"Adobe...

Insecure Applications: We Are The 84 Percent!

You only have to glance at the headlines to know that the state of computer application security is bad. But a new report from Veracode makes clear how bad: just 16 percent of almost 10,000 applications tested in the last six months received a passing security grade on their first attempt. The...