34 matches found
CVE-2015-5338
Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...
CVE-2015-5264
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...
CVE-2015-5338
Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...
CVE-2015-5264
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...
UBUNTU-CVE-2015-5264
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...
Design/Logic Flaw
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...
UBUNTU-CVE-2015-5338
Multiple cross-site request forgery CSRF vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to 1 mod/lesson/mediafile.php or 2...
CVE-2015-5264
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...
CVE-2015-5264
The CVE-2015-5264 entry concerns Moodle’s lesson module. Affected versions include Moodle 2.6.11 and 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2. Remote authenticated users could bypass access restrictions and submit additional answer attempts by leveraging the student role. R...
CVE-2015-5338
CVE-2015-5338 affects Moodle’s lesson module, enabling CSRF that can hijack user authentication for requests to mod/lesson/mediafile.php or mod/lesson/view.php. Impacted versions are Moodle up to 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3. The connected sources confir...
The vulnerability of the Moodle learning management system allows a hacker to execute cross-site scripting attacks.
The vulnerability of the Lesson module in the Moodle learning management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting using the feedback form...
Moodle Lesson Module Cross-Site Scripting Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Lesson is one of the modules for selecting courses online. A security vulnerability exists in the access.php script in the Lesson modul...
UBUNTU-CVE-2015-0216
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted essay feedback...