
16 matches found

OSV
added 2022/05/13 1:12 a.m., 16 views

GHSA-6R7X-6Q98-QCQP Moodle does not set the RISK_XSS bit for graders

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading...

CVSS 3.5, AI score 6.6, EPSS 0.01459
Exploits 0, References 11
Prion
added 2017/04/20 9:59 p.m., 22 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...

CVSS 6.8, AI score 7.5, EPSS 0.01129
Exploits 0, References 5, Affected Software 1
NVD
added 2017/04/20 9:59 p.m., 18 views

CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

CVSS 4.3, AI score 5.2, EPSS 0.01373
Exploits 0, References 3
Tenable Nessus
added 2016/07/21 12:0 a.m., 29 views

Moodle 2.8.x < 2.8.6 Multiple Vulnerabilities

Binary data 9425.prm...

CVSS 5.8, AI score 7.6, EPSS 0.01893
Exploits 0, References 10
Cvelist
added 2016/05/22 8:0 p.m., 21 views

CVE-2016-2157

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

AI score 8.9, EPSS 0.00975
Exploits 0, References 4
Tenable Nessus
added 2016/04/08 12:0 a.m., 14 views

Moodle 2.8.x < 2.8.9 / 2.9.x < 2.9.3 Distributed DoS

Binary data 9190.prm...

CVSS 7.1, AI score 7.3, EPSS 0.01684
Exploits 0, References 3
NVD
added 2016/02/22 5:59 a.m., 18 views

CVE-2015-5332

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature...

CVSS 7.1, AI score 6.9, EPSS 0.01684
Exploits 0, References 2
UbuntuCve
added 2016/02/22 5:59 a.m., 18 views

CVE-2015-5332

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature...

CVSS 7.1, AI score 6.9, EPSS 0.01684
Exploits 0, References 2
Cvelist
added 2016/02/22 2:0 a.m., 21 views

CVE-2015-5332

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature...

AI score 7.3, EPSS 0.01684
Exploits 0, References 2
NVD
added 2015/06/01 7:59 p.m., 23 views

CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback...

CVSS 3.5, AI score 5.3, EPSS 0.01459
Exploits 0, References 3
Prion
added 2015/06/01 7:59 p.m., 11 views

Cross site scripting

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback...

CVSS 3.5, AI score 5.7, EPSS 0.01459
Exploits 0, References 3, Affected Software 1
Prion
added 2015/06/01 7:59 p.m., 14 views

Design/Logic Flaw

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flag_inappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as...

CVSS 4, AI score 6.6, EPSS 0.01712
Exploits 0, References 3, Affected Software 1
Prion
added 2015/06/01 7:59 p.m., 11 views

Cross site request forgery (csrf)

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request...

CVSS 3.5, AI score 6, EPSS 0.01484
Exploits 0, References 5, Affected Software 1
UbuntuCve
added 2015/06/01 7:59 p.m., 19 views

CVE-2015-3177

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request...

CVSS 3.5, AI score 7.1, EPSS 0.01484
Exploits 0, References 3
Cvelist
added 2015/06/01 7:0 p.m., 28 views

CVE-2015-0216

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback...

AI score 5.3, EPSS 0.01459
Exploits 0, References 3
Tenable Nessus
added 2015/04/20 12:0 a.m., 15 views

Moodle 2.8.x < 2.8.2 XSS

Binary data 8724.prm...

CVSS 3.5, AI score 6.9, EPSS 0.01459
Exploits 0, References 4