Filtered by vendor Moodle
Subscribe
Search
Total
132 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1158 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | |||||
| CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | |||||
| CVE-2012-1169 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | |||||
| CVE-2012-1159 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle before 2.2.2: Overview report allows users to see hidden courses | |||||
| CVE-2012-1161 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | |||||
| CVE-2019-3850 | 1 Moodle | 1 Moodle | 2019-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits. | |||||
| CVE-2019-10133 | 1 Moodle | 1 Moodle | 2019-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. | |||||
| CVE-2018-14631 | 1 Moodle | 1 Moodle | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | |||||
| CVE-2018-10890 | 1 Moodle | 1 Moodle | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. It was possible for the core_course_get_categories web service to return hidden categories, which should be omitted when fetching course categories. | |||||
| CVE-2018-10889 | 1 Moodle | 1 Moodle | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. | |||||
| CVE-2017-7489 | 1 Moodle | 1 Moodle | 2019-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | |||||
| CVE-2018-1134 | 1 Moodle | 1 Moodle | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. | |||||
| CVE-2018-1136 | 1 Moodle | 1 Moodle | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. | |||||
| CVE-2018-1043 | 1 Moodle | 1 Moodle | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. | |||||
| CVE-2017-7532 | 1 Moodle | 1 Moodle | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Moodle 3.x, course creators are able to change system default settings for courses. | |||||
| CVE-2017-7490 | 1 Moodle | 1 Moodle | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | |||||
| CVE-2018-1042 | 1 Moodle | 1 Moodle | 2019-07-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| Moodle 3.x has Server Side Request Forgery in the filepicker. | |||||
| CVE-2018-1135 | 1 Moodle | 1 Moodle | 2018-06-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. | |||||
| CVE-2017-7298 | 1 Moodle | 1 Moodle | 2018-05-18 | 3.5 LOW | 5.4 MEDIUM |
| In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. | |||||
| CVE-2018-1045 | 1 Moodle | 1 Moodle | 2018-02-05 | 3.5 LOW | 5.4 MEDIUM |
| In Moodle 3.x, there is XSS via a calendar event name. | |||||
| CVE-2018-1044 | 1 Moodle | 1 Moodle | 2018-02-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | |||||
| CVE-2017-15110 | 1 Moodle | 1 Moodle | 2017-12-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. | |||||
| CVE-2017-12157 | 1 Moodle | 1 Moodle | 2017-09-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | |||||
| CVE-2017-12156 | 1 Moodle | 1 Moodle | 2017-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | |||||
| CVE-2017-2642 | 1 Moodle | 1 Moodle | 2017-07-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| Moodle 3.x has user fullname disclosure on the user preferences page. | |||||
| CVE-2017-2643 | 1 Moodle | 1 Moodle | 2017-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 3.2.x, global search displays user names for unauthenticated users. | |||||
| CVE-2017-2644 | 1 Moodle | 1 Moodle | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, XSS can occur via evidence of prior learning. | |||||
| CVE-2017-2645 | 1 Moodle | 1 Moodle | 2017-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. | |||||
| CVE-2017-7491 | 1 Moodle | 1 Moodle | 2017-05-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | |||||
| CVE-2017-2578 | 1 Moodle | 1 Moodle | 2017-01-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, there is XSS in the assignment submission page. | |||||
| CVE-2016-5012 | 1 Moodle | 1 Moodle | 2017-01-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 3.x, glossary search displays entries without checking user permissions to view them. | |||||
| CVE-2016-9188 | 1 Moodle | 1 Moodle | 2016-11-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. | |||||