Search Results

Search Parameters:
  • CPE Product Version: cpe:/a:moodle:moodle:3.1.0:rc2
There are 12 matching records.
Displaying matches 1 through 12.
Vuln ID Summary CVSS Severity
CVE-2017-12157

In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.

Published: September 18, 2017; 12:29:00 AM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-12156

Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

Published: September 18, 2017; 12:29:00 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7532

In Moodle 3.x, course creators are able to change system default settings for courses.

Published: July 17, 2017; 1:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-2642

Moodle 3.x has user fullname disclosure on the user preferences page.

Published: July 17, 2017; 1:29:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-7491

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.

Published: May 15, 2017; 10:29:00 AM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.

Published: May 15, 2017; 10:29:00 AM -0400
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2017-7489

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

Published: May 15, 2017; 10:29:00 AM -0400
V3.0: 6.3 MEDIUM
V2.0: 6.5 MEDIUM
CVE-2017-2645

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.

Published: March 26, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-2644

In Moodle 3.x, XSS can occur via evidence of prior learning.

Published: March 26, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-2641

In Moodle 2.x and 3.x, SQL injection can occur via user preferences.

Published: March 26, 2017; 2:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-2578

In Moodle 3.x, there is XSS in the assignment submission page.

Published: January 20, 2017; 3:59:00 AM -0500
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5012

In Moodle 3.x, glossary search displays entries without checking user permissions to view them.

Published: January 20, 2017; 3:59:00 AM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM