Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2014-2571

  • EPSS 0.21%
  • Published 24.03.2014 14:20:39
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web...

4

CVE-2014-2572

  • EPSS 0.18%
  • Published 24.03.2014 14:20:39
  • Last modified 12.04.2025 10:46:40

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.

5.5

CVE-2014-0009

  • EPSS 0.36%
  • Published 20.01.2014 15:14:32
  • Last modified 11.04.2025 00:51:21

course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS confi...

6.8

CVE-2014-0010

  • EPSS 0.3%
  • Published 20.01.2014 15:14:32
  • Last modified 11.04.2025 00:51:21

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of ...

4

CVE-2014-0008

  • EPSS 0.42%
  • Published 20.01.2014 15:14:25
  • Last modified 11.04.2025 00:51:21

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

5

CVE-2013-4522

Exploit
  • EPSS 0.28%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had...

3.5

CVE-2013-4523

Exploit
  • EPSS 0.21%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.

6.8

CVE-2013-4524

Exploit
  • EPSS 0.33%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.

3.5

CVE-2013-4525

Exploit
  • EPSS 0.21%
  • Published 26.11.2013 05:25:38
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HT...

4.6

CVE-2013-3630

Exploit
  • EPSS 64.52%
  • Published 01.11.2013 02:55:04
  • Last modified 11.04.2025 00:51:21

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.