Filtered by vendor Moodle
Subscribe
Total
607 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3387 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. | |||||
CVE-2013-4938 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | |||||
CVE-2013-1829 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role. | |||||
CVE-2013-1835 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. | |||||
CVE-2012-0800 | 1 Moodle | 1 Moodle | 2025-04-11 | 2.1 LOW | N/A |
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | |||||
CVE-2013-4942 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. | |||||
CVE-2012-4401 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities. | |||||
CVE-2013-1834 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. | |||||
CVE-2011-4301 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. | |||||
CVE-2010-4208 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | |||||
CVE-2011-4307 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | |||||
CVE-2014-0008 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | |||||
CVE-2013-2081 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. | |||||
CVE-2011-4293 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.4 MEDIUM | N/A |
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. | |||||
CVE-2013-4341 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed. | |||||
CVE-2012-3390 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block. | |||||
CVE-2012-3397 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. | |||||
CVE-2012-0792 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts. | |||||
CVE-2012-4402 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.9 MEDIUM | N/A |
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. | |||||
CVE-2011-4292 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. |