Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2014-7831

  • EPSS 0.25%
  • Published 24.11.2014 11:59:01
  • Last modified 12.04.2025 10:46:40

lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student r...

3.5

CVE-2014-7830

  • EPSS 0.21%
  • Published 24.11.2014 11:59:00
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or...

4

CVE-2014-3617

  • EPSS 0.18%
  • Published 15.09.2014 14:55:11
  • Last modified 12.04.2025 10:46:40

The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without th...

3.5

CVE-2014-3544

Exploit
  • EPSS 0.96%
  • Published 29.07.2014 11:10:32
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via th...

6

CVE-2014-3545

  • EPSS 1.28%
  • Published 29.07.2014 11:10:32
  • Last modified 12.04.2025 10:46:40

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.

5

CVE-2014-3546

  • EPSS 0.28%
  • Published 29.07.2014 11:10:32
  • Last modified 12.04.2025 10:46:40

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentia...

4.3

CVE-2014-3547

  • EPSS 0.29%
  • Published 29.07.2014 11:10:32
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.

4.3

CVE-2014-3548

  • EPSS 0.26%
  • Published 29.07.2014 11:10:32
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a...

4.3

CVE-2014-3549

  • EPSS 0.29%
  • Published 29.07.2014 11:10:32
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly ...

4.3

CVE-2014-3550

  • EPSS 0.29%
  • Published 29.07.2014 11:10:32
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message f...