Moodle@1.9.2 Security Vulnerabilities and Issues — Moodle@1.9.2 CVE List

Lucene search

MoodleMoodle1.9.2

11 matches found

CVE•added 2010/04/29 9:30 p.m.•77 views

CVE-2010-1616

Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

4CVSS6.2AI score0.00277EPSS

CVE•added 2010/04/29 9:30 p.m.•73 views

CVE-2010-1618

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

4.3CVSS5.4AI score0.00273EPSS

CVE•added 2010/06/28 5:30 p.m.•68 views

CVE-2010-2229

Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3CVSS5.6AI score0.0061EPSS

CVE•added 2010/04/29 9:30 p.m.•65 views

CVE-2010-1614

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in...

4.3CVSS5.9AI score0.00254EPSS

CVE•added 2010/06/28 5:30 p.m.•60 views

CVE-2010-2228

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

4.3CVSS5.4AI score0.0061EPSS

CVE•added 2010/04/29 9:30 p.m.•52 views

CVE-2010-1613

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.

6.8CVSS6.5AI score0.00447EPSS

CVE•added 2010/06/28 5:30 p.m.•52 views

CVE-2010-2231

Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.

6.8CVSS7AI score0.00536EPSS

CVE•added 2010/06/28 5:30 p.m.•51 views

CVE-2010-2230

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

4CVSS5AI score0.00396EPSS

CVE•added 2010/04/29 9:30 p.m.•45 views

CVE-2010-1619

Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.

4.3CVSS5.5AI score0.00254EPSS

CVE•added 2010/04/29 9:30 p.m.•44 views

CVE-2010-1617

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

4CVSS6AI score0.00273EPSS

CVE•added 2010/04/29 9:30 p.m.•42 views

CVE-2010-1615

Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to...

7.5CVSS8.4AI score0.00436EPSS