Moodle

601 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.59%
  • Published 01.06.2015 19:59:06
  • Last modified 12.04.2025 10:46:40

filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matc...

  • EPSS 0.23%
  • Published 01.06.2015 19:59:05
  • Last modified 12.04.2025 10:46:40

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.

  • EPSS 0.18%
  • Published 01.06.2015 19:59:04
  • Last modified 12.04.2025 10:46:40

calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.

  • EPSS 0.21%
  • Published 01.06.2015 19:59:03
  • Last modified 12.04.2025 10:46:40

message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search re...

  • EPSS 0.13%
  • Published 01.06.2015 19:59:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to ...

  • EPSS 0.21%
  • Published 01.06.2015 19:59:01
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summa...

  • EPSS 0.2%
  • Published 01.06.2015 19:59:00
  • Last modified 12.04.2025 10:46:40

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, w...

  • EPSS 0.39%
  • Published 24.11.2014 11:59:15
  • Last modified 12.04.2025 10:46:40

The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via ...

  • EPSS 0.32%
  • Published 24.11.2014 11:59:14
  • Last modified 12.04.2025 10:46:40

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 ch...

  • EPSS 0.39%
  • Published 24.11.2014 11:59:13
  • Last modified 12.04.2025 10:46:40

lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.