Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
---|---|---|---|---|---|
CVE-2017-7531 | | Medium | Jul 17, 2017 | In Moodle 3.3, the course overview block reveals activities in hidden courses. | 2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3 |
CVE-2017-2576 | | Medium | Jan 20, 2017 | In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2017-15110 | | Medium | Nov 20, 2017 | In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search... | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2016-9188 | | Medium | Nov 04, 2016 | Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_add... | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2016-9187 | BDSA-2016-1719 | Medium | Nov 04, 2016 | Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execu... | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2016-9186 | BDSA-2016-1712 | Medium | Nov 04, 2016 | Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to exe... | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2016-8644 | | Medium | Jan 20, 2017 | In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2016-8643 | | Medium | Jan 20, 2017 | In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2016-8642 | | Medium | Jan 20, 2017 | In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |
CVE-2016-7038 | | Medium | Jan 20, 2017 | In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | 2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3 |