U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 209 matching records.
Displaying matches 201 through 209.
Vuln ID Summary CVSS Severity
CVE-2004-1424

Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Published: December 31, 2004; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2004-1425

Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.

Published: December 31, 2004; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 5.0 MEDIUM
CVE-2004-2232

SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.

Published: December 31, 2004; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2004-2233

Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.

Published: December 31, 2004; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2004-2236

Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.

Published: December 31, 2004; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2004-2237

Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."

Published: December 31, 2004; 12:00:00 AM -0500 		V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2004-1711

Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.

Published: August 06, 2004; 12:00:00 AM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM
CVE-2004-0725

Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Published: July 27, 2004; 12:00:00 AM -0400 		V3.x:(not available)
 V2.0: 6.8 MEDIUM
CVE-2004-1978

Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.

Published: April 30, 2004; 12:00:00 AM -0400 		V3.x:(not available)
 V2.0: 4.3 MEDIUM