Total
590 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3388 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. | |||||
CVE-2012-3393 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. | |||||
CVE-2013-2242 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. | |||||
CVE-2013-2244 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field. | |||||
CVE-2011-4203 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | |||||
CVE-2012-6103 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. | |||||
CVE-2010-2231 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. | |||||
CVE-2013-2243 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document. | |||||
CVE-2011-4295 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | |||||
CVE-2012-2361 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. | |||||
CVE-2011-4300 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. | |||||
CVE-2014-0010 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | |||||
CVE-2011-4297 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.4 MEDIUM | N/A |
comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. | |||||
CVE-2012-3398 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. | |||||
CVE-2011-4582 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.9 MEDIUM | N/A |
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | |||||
CVE-2011-4287 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. | |||||
CVE-2012-4400 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field. | |||||
CVE-2012-3389 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter. | |||||
CVE-2010-4207 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | |||||
CVE-2012-0795 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. |