Filtered by vendor Moodle
Subscriptions
Filtered by product Moodle
Subscriptions
Total
632 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4203 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | ||||
| CVE-2013-1830 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-11 | N/A |
| user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. | ||||
| CVE-2013-1835 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. | ||||
| CVE-2013-4940 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression. | ||||
| CVE-2013-4939 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. | ||||
| CVE-2013-4524 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path. | ||||
| CVE-2010-1614 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. | ||||
| CVE-2010-1618 | 2 Ja-sig, Moodle | 2 Phpcas Client Library, Moodle | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. | ||||
| CVE-2010-2231 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. | ||||
| CVE-2011-4285 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role. | ||||
| CVE-2011-4286 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. | ||||
| CVE-2011-4294 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors. | ||||
| CVE-2011-4295 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | ||||
| CVE-2011-4297 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. | ||||
| CVE-2011-4304 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. | ||||
| CVE-2011-4305 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. | ||||
| CVE-2011-4584 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. | ||||
| CVE-2011-4587 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | ||||
| CVE-2012-0794 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | ||||
| CVE-2012-0800 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | ||||