Filtered by vendor Moodle
Subscribe
Total
607 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4280 | 2 Moodle, Nimish Pachapurkar | 2 Moodle, Spike Phpcoverage | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-2367 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | |||||
CVE-2010-2228 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. | |||||
CVE-2011-4587 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | |||||
CVE-2012-2362 | 1 Moodle | 1 Moodle | 2025-04-11 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. | |||||
CVE-2012-6105 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. | |||||
CVE-2011-3757 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files. | |||||
CVE-2012-2363 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | |||||
CVE-2013-2079 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role. | |||||
CVE-2011-4133 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. | |||||
CVE-2012-4407 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file. | |||||
CVE-2012-6098 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | |||||
CVE-2012-2357 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | |||||
CVE-2014-0009 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. | |||||
CVE-2011-4302 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.8 MEDIUM | N/A |
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate. | |||||
CVE-2012-6101 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.8 MEDIUM | N/A |
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php. | |||||
CVE-2013-1833 | 1 Moodle | 1 Moodle | 2025-04-11 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. | |||||
CVE-2012-2355 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | |||||
CVE-2013-4939 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. | |||||
CVE-2012-5472 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. |