ReportizFlow
Filtered by vendor Moodle
Subscriptions
Filtered by product Moodle
Subscriptions
Total
633 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3732 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. | ||||
| CVE-2016-3729 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | ||||
| CVE-2017-7490 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | ||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | ||||
| CVE-2016-7038 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | ||||
| CVE-2017-2643 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 3.2.x, global search displays user names for unauthenticated users. | ||||
| CVE-2017-2642 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| Moodle 3.x has user fullname disclosure on the user preferences page. | ||||
| CVE-2017-2645 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. | ||||
| CVE-2016-8644 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | ||||
| CVE-2017-12156 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | ||||
| CVE-2017-2578 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 3.x, there is XSS in the assignment submission page. | ||||
| CVE-2017-7489 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | ||||
| CVE-2015-0218 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | ||||
| CVE-2015-0217 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | ||||
| CVE-2015-0216 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. | ||||
| CVE-2015-0215 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. | ||||
| CVE-2014-0123 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. | ||||
| CVE-2015-0211 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. | ||||
| CVE-2014-0122 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator. | ||||
| CVE-2016-2154 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule. | ||||