
18 matches found

OSV
added 2022/05/13 1:12 a.m., 16 views

GHSA-6R7X-6Q98-QCQP Moodle does not set the RISK_XSS bit for graders

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading...

CVSS 3.5 | AI score 6.6 | EPSS 0.01459
Exploits: 0 | References: 11
Cvelist
added 2016/05/22 8:0 p.m., 21 views

CVE-2016-2157

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

AI score 8.9 | EPSS 0.00975
Exploits: 0 | References: 4
Prion
added 2015/06/01 7:59 p.m., 14 views

Design/Logic Flaw

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as...

CVSS 4 | AI score 6.6 | EPSS 0.01712
Exploits: 0 | References: 3 | Affected Software: 1
UbuntuCve
added 2014/11/24 11:59 a.m., 23 views

CVE-2014-7830

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse...

CVSS 3.5 | AI score 6 | EPSS 0.01455
Exploits: 0 | References: 2
UbuntuCve
added 2014/11/24 11:59 a.m., 18 views

CVE-2014-7848

lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message...

CVSS 5 | AI score 5.9 | EPSS 0.02118
Exploits: 0 | References: 2
Prion
added 2014/11/24 11:59 a.m., 15 views

Cross site scripting

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the...

CVSS 2.1 | AI score 5.8 | EPSS 0.01433
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2014/11/24 11:0 a.m., 22 views

CVE-2014-7835

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the...

AI score 5.4 | EPSS 0.01433
Exploits: 0 | References: 4
Cvelist
added 2014/11/24 11:0 a.m., 23 views

CVE-2014-7838

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1)...

AI score 7.2 | EPSS 0.01006
Exploits: 0 | References: 4
UbuntuCve
added 2014/07/29 11:10 a.m., 28 views

CVE-2014-3547

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge...

CVSS 4.3 | AI score 5.9 | EPSS 0.01187
Exploits: 0 | References: 3
NVD
added 2014/05/27 12:55 a.m., 15 views

CVE-2014-0217

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

CVSS 4.3 | AI score 5.9 | EPSS 0.01863
Exploits: 0 | References: 3
UbuntuCve
added 2014/05/27 12:55 a.m., 20 views

CVE-2014-0217

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

CVSS 4.3 | AI score 6 | EPSS 0.01863
Exploits: 0 | References: 4
Cvelist
added 2014/05/27 12:0 a.m., 28 views

CVE-2014-0217

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL...

AI score 5.8 | EPSS 0.01863
Exploits: 0 | References: 3
NVD
added 2014/03/24 2:20 p.m., 25 views

CVE-2014-2572

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors...

CVSS 4 | AI score 6.1 | EPSS 0.01119
Exploits: 0 | References: 3
Prion
added 2014/03/24 2:20 p.m., 18 views

Design/Logic Flaw

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner...

CVSS 5.8 | AI score 7 | EPSS 0.01927
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2014/03/24 2:20 p.m., 20 views

Code injection

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/overrideform.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain...

CVSS 4 | AI score 6.2 | EPSS 0.01674
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2014/03/24 2:20 p.m., 24 views

Code injection

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors...

CVSS 4 | AI score 6.7 | EPSS 0.01119
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2014/03/24 2:20 p.m., 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing a...

CVSS 4.3 | AI score 5.9 | EPSS 0.02405
Exploits: 1 | References: 5 | Affected Software: 2
Cvelist
added 2014/03/22 1:0 a.m., 21 views

CVE-2014-0129

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors...

AI score 6 | EPSS 0.01676
Exploits: 0 | References: 3