Moodle

624 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.44%
  • Published 01.06.2015 19:59:19
  • Last modified 12.04.2025 10:46:40

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

  • EPSS 0.4%
  • Published 01.06.2015 19:59:18
  • Last modified 12.04.2025 10:46:40

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an erro...

  • EPSS 0.23%
  • Published 01.06.2015 19:59:17
  • Last modified 12.04.2025 10:46:40

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via craft...

  • EPSS 0.21%
  • Published 01.06.2015 19:59:16
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web scr...

  • EPSS 0.28%
  • Published 01.06.2015 19:59:15
  • Last modified 12.04.2025 10:46:40

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.

  • EPSS 0.21%
  • Published 01.06.2015 19:59:14
  • Last modified 12.04.2025 10:46:40

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass...

  • EPSS 0.28%
  • Published 01.06.2015 19:59:13
  • Last modified 12.04.2025 10:46:40

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allow...

  • EPSS 0.53%
  • Published 01.06.2015 19:59:12
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) ...

  • EPSS 0.59%
  • Published 01.06.2015 19:59:11
  • Last modified 12.04.2025 10:46:40

filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matche...

  • EPSS 0.19%
  • Published 01.06.2015 19:59:10
  • Last modified 12.04.2025 10:46:40

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.