Filtered by vendor Moodle
Subscriptions
Total
634 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4301 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. | ||||
| CVE-2011-4300 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. | ||||
| CVE-2011-4299 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. | ||||
| CVE-2010-4208 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | ||||
| CVE-2011-4298 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. | ||||
| CVE-2013-2246 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. | ||||
| CVE-2011-4296 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | ||||
| CVE-2011-4303 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. | ||||
| CVE-2011-4293 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. | ||||
| CVE-2011-4292 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. | ||||
| CVE-2014-0008 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. | ||||
| CVE-2011-4291 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations. | ||||
| CVE-2014-0009 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. | ||||
| CVE-2013-5674 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter. | ||||
| CVE-2011-4290 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding. | ||||
| CVE-2013-4941 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. | ||||
| CVE-2013-4938 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | ||||
| CVE-2011-4289 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. | ||||
| CVE-2013-4525 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question. | ||||
| CVE-2013-4523 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message. | ||||