CVE-2015-3175 |
|
Medium |
Jun 01, 2015 |
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-3174 |
|
Low |
Jun 01, 2015 |
mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2273 |
|
Low |
Jun 01, 2015 |
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2272 |
|
Medium |
Jun 01, 2015 |
login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2271 |
|
Medium |
Jun 01, 2015 |
tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2270 |
|
Medium |
Jun 01, 2015 |
lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2269 |
|
Low |
Jun 01, 2015 |
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2268 |
|
Medium |
Jun 01, 2015 |
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2267 |
|
Medium |
Jun 01, 2015 |
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-2266 |
|
Medium |
Jun 01, 2015 |
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL.
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|