Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2009-0502

  • EPSS 0.48%
  • Published 10.02.2009 02:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via a...

4.3

CVE-2008-5432

  • EPSS 0.65%
  • Published 11.12.2008 15:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

6.9

CVE-2008-5153

Exploit
  • EPSS 0.03%
  • Published 18.11.2008 16:00:01
  • Last modified 09.04.2025 00:30:58

spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.

6

CVE-2008-3325

  • EPSS 0.4%
  • Published 25.07.2008 16:41:00
  • Last modified 09.04.2025 00:30:58

Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.

2.6

CVE-2008-3326

Exploit
  • EPSS 0.55%
  • Published 25.07.2008 16:41:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

4.3

CVE-2008-3327

  • EPSS 0.32%
  • Published 25.07.2008 16:41:00
  • Last modified 09.04.2025 00:30:58

Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.

4.3

CVE-2008-1502

Exploit
  • EPSS 1.09%
  • Published 25.03.2008 19:44:00
  • Last modified 09.04.2025 00:30:58

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks...

4.3

CVE-2008-0123

Exploit
  • EPSS 0.96%
  • Published 12.01.2008 01:46:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the insta...

4.3

CVE-2007-3555

  • EPSS 5.01%
  • Published 04.07.2007 15:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.

7.8

CVE-2007-1647

  • EPSS 5.09%
  • Published 24.03.2007 00:19:00
  • Last modified 09.04.2025 00:30:58

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a dir...