Search Results (Refine Search)
- CPE Product Version: cpe:/a:moodle:moodle:3.1.0:rc2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2017-12157 |
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. Published: September 18, 2017; 12:29:00 AM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-12156 |
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. Published: September 18, 2017; 12:29:00 AM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7532 |
In Moodle 3.x, course creators are able to change system default settings for courses. Published: July 17, 2017; 1:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-2642 |
Moodle 3.x has user fullname disclosure on the user preferences page. Published: July 17, 2017; 1:29:00 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2017-7491 |
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. Published: May 15, 2017; 10:29:00 AM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7490 |
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. Published: May 15, 2017; 10:29:00 AM -0400 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2017-7489 |
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. Published: May 15, 2017; 10:29:00 AM -0400 |
V3.0: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2017-2645 |
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. Published: March 26, 2017; 2:59:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-2644 |
In Moodle 3.x, XSS can occur via evidence of prior learning. Published: March 26, 2017; 2:59:00 PM -0400 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-2641 |
In Moodle 2.x and 3.x, SQL injection can occur via user preferences. Published: March 26, 2017; 2:59:00 PM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-2578 |
In Moodle 3.x, there is XSS in the assignment submission page. Published: January 20, 2017; 3:59:00 AM -0500 |
V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-5012 |
In Moodle 3.x, glossary search displays entries without checking user permissions to view them. Published: January 20, 2017; 3:59:00 AM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |