Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2015-2273

  • EPSS 0.21%
  • Published 01.06.2015 19:59:16
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web scr...

4

CVE-2015-2272

  • EPSS 0.28%
  • Published 01.06.2015 19:59:15
  • Last modified 12.04.2025 10:46:40

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.

4

CVE-2015-2271

  • EPSS 0.21%
  • Published 01.06.2015 19:59:14
  • Last modified 12.04.2025 10:46:40

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass...

4.3

CVE-2015-2270

  • EPSS 0.28%
  • Published 01.06.2015 19:59:13
  • Last modified 12.04.2025 10:46:40

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allow...

3.5

CVE-2015-2269

  • EPSS 0.53%
  • Published 01.06.2015 19:59:12
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) ...

6.8

CVE-2015-2268

  • EPSS 0.59%
  • Published 01.06.2015 19:59:11
  • Last modified 12.04.2025 10:46:40

filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matche...

4

CVE-2015-2267

  • EPSS 0.19%
  • Published 01.06.2015 19:59:10
  • Last modified 12.04.2025 10:46:40

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.

4

CVE-2015-2266

  • EPSS 0.2%
  • Published 01.06.2015 19:59:09
  • Last modified 12.04.2025 10:46:40

message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users t...

6.8

CVE-2015-1493

  • EPSS 0.9%
  • Published 01.06.2015 19:59:08
  • Last modified 12.04.2025 10:46:40

Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a ...

6.8

CVE-2015-0218

  • EPSS 0.13%
  • Published 01.06.2015 19:59:07
  • Last modified 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests...