📄 Beakon Cross Site Scripting / Open Redirection

Beakon versions prior to 5.4.3 suffer from cross site scripting and open redirection vulnerabilities. I am submitting a news article for publishing my recent Zero day vulnerability. I have already contacted MITRE and have CVE-2025-46102 reserved now. Please find below details: Title: Unsensitized...

📄 Beakon SQL Injection

Beakon versions prior to 5.4.3 suffer from a remote unauthenticated time-based SQL injection vulnerability. Title: Unauthenticated Time Based SQL Injection Vulnerability in Beakon versions prior to 5.4.3 Description: An unauthenticated time-based SQL injection vulnerability exists in the Beakon...

SUSE CVE-2009-4305

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file CourseTitle."...

Moodle multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to 1 mod/scorm/player.php or 2...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to 1 mod/scorm/player.php or 2...

UBUNTU-CVE-2015-3275

Multiple cross-site scripting XSS vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to 1 mod/scorm/player.php or 2...

CVE-2015-3275

Multiple cross-site scripting XSS vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to 1 mod/scorm/player.php or 2...

Updated moodle packages fix security vulnerability

In Moodle before 2.8.9, if guest access is open on the site, unauthenticated users can store Atto draft data through the editor autosave area, which could be exploited in a denial of service attack CVE-2015-5332. In Moodle before 2.8.9, due to a CSRF issue in the site registration form, it is...

Updated moodle package fixes security vulnerabilities

In Moodle before 2.8.7, phishing is possible when redirecting to external site using referer headers in error messages CVE-2015-3272. In Moodle before 2.8.7, several web services returning user information did not clean text in text custom profile fields, leading to possible XSS CVE-2015-3274. In...

Debian DSA-1986-1 : moodle - several vulnerabilities

Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-4297 Multiple cross-site request forgery CSRF vulnerabilities have been discovered. - CVE-2009-4298 It has be...

CVE-2009-4305

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file CourseTitle."...