Lucene search
K

34 matches found

NVD
NVD
added 2016/02/22 5:59 a.m.15 views

CVE-2015-5338

Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...

8.8CVSS9.2AI score0.00786EPSS
Exploits0References2
NVD
NVD
added 2016/02/22 5:59 a.m.13 views

CVE-2015-5264

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...

5.5CVSS6.2AI score0.01403EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2016/02/22 5:59 a.m.16 views

CVE-2015-5338

Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...

8.8CVSS7.3AI score0.00786EPSS
Exploits0References2
Prion
Prion
added 2016/02/22 5:59 a.m.18 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...

6.8CVSS7.8AI score0.00786EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2016/02/22 5:59 a.m.22 views

CVE-2015-5264

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...

5.5CVSS6.8AI score0.01403EPSS
Exploits0References2
OSV
OSV
added 2016/02/22 5:59 a.m.3 views

UBUNTU-CVE-2015-5264

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...

5.4CVSS6.8AI score0.01403EPSS
Exploits0References3
Prion
Prion
added 2016/02/22 5:59 a.m.13 views

Design/Logic Flaw

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...

5.5CVSS6.6AI score0.01403EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2016/02/22 5:59 a.m.4 views

UBUNTU-CVE-2015-5338

Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...

8.8CVSS7.3AI score0.00786EPSS
Exploits0References3
Cvelist
Cvelist
added 2016/02/22 2:0 a.m.25 views

CVE-2015-5264

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...

6.1AI score0.01403EPSS
Exploits0References4
CVE
CVE
added 2016/02/22 2:0 a.m.75 views

CVE-2015-5264

The CVE-2015-5264 entry concerns Moodle’s lesson module. Affected versions include Moodle 2.6.11 and 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2. Remote authenticated users could bypass access restrictions and submit additional answer attempts by leveraging the student role. R...

5.5CVSS5.7AI score0.01403EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2016/02/22 2:0 a.m.63 views

CVE-2015-5338

CVE-2015-5338 affects Moodle’s lesson module, enabling CSRF that can hijack user authentication for requests to mod/lesson/mediafile.php or mod/lesson/view.php. Impacted versions are Moodle up to 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3. The connected sources confir...

8.8CVSS8AI score0.00786EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/08/07 12:0 a.m.9 views

The vulnerability of the Moodle learning management system allows a hacker to execute cross-site scripting attacks.

The vulnerability of the Lesson module in the Moodle learning management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting using the feedback form...

3.5CVSS5.2AI score0.01459EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2015/06/05 12:0 a.m.4 views

Moodle Lesson Module Cross-Site Scripting Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Lesson is one of the modules for selecting courses online. A security vulnerability exists in the access.php script in the Lesson modul...

3.5CVSS6.3AI score0.01459EPSS
Exploits0References1
OSV
OSV
added 2015/06/01 7:59 p.m.4 views

UBUNTU-CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted essay feedback...

3.5CVSS5.7AI score0.01459EPSS
Exploits0References4
Rows per page
Query Builder