CVE search results

311 – 320 of 659 results

Detailed view

Sort by:

CVE-2016-3729

Medium priority

Ignored

The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	—	—	—	Not affected

CVE-2017-7298

Low priority

Ignored

In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	—	—	—	Ignored

CVE-2017-2645

Medium priority

Ignored

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	—	—	—	Not affected

CVE-2017-2644

Medium priority

Ignored

In Moodle 3.x, XSS can occur via evidence of prior learning.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	—	—	—	Not affected

CVE-2017-2643

Medium priority

Ignored

In Moodle 3.2.x, global search displays user names for unauthenticated users.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	—	—	—	Not affected

CVE-2017-2641

Medium priority

Ignored

In Moodle 2.x and 3.x, SQL injection can occur via user preferences.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	—	—	—	Not affected

CVE-2017-2578

Low priority

Vulnerable

In Moodle 3.x, there is XSS in the assignment submission page.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	Not in release	Not in release	Not in release	Vulnerable

CVE-2017-2576

Low priority

Vulnerable

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	Not in release	Not in release	Not in release	Vulnerable

CVE-2016-8644

Medium priority

Vulnerable

In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	Not in release	Not in release	Not in release	Vulnerable

CVE-2016-8643

Medium priority

Vulnerable

In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.

1 affected package

moodle

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
moodle	Not in release	Not in release	Not in release	Vulnerable

Export to JSON

Results by page:

Search CVE reports