Search Results
- CPE Product Version: cpe:/a:moodle:moodle:3.1.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-2578 | In Moodle 3.x, there is XSS in the assignment submission page. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-2576 | In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-8644 | In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-8643 | In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2016-8642 | In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-7038 | In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 7.3 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-5014 | In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2016-5013 | In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2016-5012 | In Moodle 3.x, glossary search displays entries without checking user permissions to view them. Published: January 20, 2017; 3:59:00 AM -0500 | V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2016-9188 | Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. Published: November 04, 2016; 6:59:08 AM -0400 | V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-9187 | Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. Published: November 04, 2016; 6:59:07 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2016-9186 | Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. Published: November 04, 2016; 6:59:06 AM -0400 | V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |