2 matches found
SUSE CVE-2015-5341
modscorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors...
Cross-site Scripting (XSS)
Moodle is vulnerable to multiple cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript through an organization name in mod/scorm/player.php or mod/scorm/prereqs.php...