Moodle Moodle 2.8.2

59 matches found

CVE
added 2016/02/22 5:59 a.m., 39 views

CVE-2015-5269

Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description.

CVSS 5.4, AI score 5.4, EPSS 0.00191
Web

CVE
added 2016/02/22 5:59 a.m., 39 views

CVE-2015-5339

The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participan...

CVSS 4.3, AI score 4.9, EPSS 0.00159

CVE
added 2016/02/22 5:59 a.m., 39 views

CVE-2015-5341

mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.

CVSS 4.3, AI score 5, EPSS 0.00153

CVE
added 2016/05/22 8:59 p.m., 39 views

CVE-2016-2155

The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instru...

CVSS 4.3, AI score 5.7, EPSS 0.0026

CVE
added 2016/05/22 8:59 p.m., 39 views

CVE-2016-2159

The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service reque...

CVSS 4.3, AI score 5.8, EPSS 0.00219

CVE
added 2016/05/22 8:59 p.m., 37 views

CVE-2016-2154

admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.

CVSS 4.3, AI score 5.7, EPSS 0.00282

CVE
added 2017/04/20 9:59 p.m., 37 views

CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.

CVSS 4.3, AI score 5, EPSS 0.0015

CVE
added 2016/02/22 5:59 a.m., 36 views

CVE-2015-5338

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/le...

CVSS 8.8, AI score 8, EPSS 0.00118

CVE
added 2015/06/01 7:59 p.m., 32 views

CVE-2015-3177

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.

CVSS 3.5, AI score 6.6, EPSS 0.00306

Total number of security vulnerabilities: 59