Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2014-7831

  • EPSS 0.25%
  • Veröffentlicht 24.11.2014 11:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student r...

3.5

CVE-2014-7830

  • EPSS 0.21%
  • Veröffentlicht 24.11.2014 11:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or...

4

CVE-2014-3617

  • EPSS 0.18%
  • Veröffentlicht 15.09.2014 14:55:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without th...

3.5

CVE-2014-3544

Exploit
  • EPSS 0.96%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via th...

6

CVE-2014-3545

  • EPSS 1.28%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.

5

CVE-2014-3546

  • EPSS 0.28%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentia...

4.3

CVE-2014-3547

  • EPSS 0.29%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.

4.3

CVE-2014-3548

  • EPSS 0.26%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a...

4.3

CVE-2014-3549

  • EPSS 0.29%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly ...

4.3

CVE-2014-3550

  • EPSS 0.29%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message f...