Moodle

Moodle

632 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.19%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message f...

  • EPSS 1.75%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitr...

  • EPSS 1.17%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via craft...

  • EPSS 1.02%
  • Veröffentlicht 29.07.2014 11:10:32
  • Zuletzt bearbeitet 06.05.2026 22:30:45

mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all...

  • EPSS 3.71%
  • Veröffentlicht 29.07.2014 11:10:31
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data as...

  • EPSS 1.36%
  • Veröffentlicht 29.07.2014 11:10:31
  • Zuletzt bearbeitet 06.05.2026 22:30:45

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity ref...

  • EPSS 1.36%
  • Veröffentlicht 29.07.2014 11:10:31
  • Zuletzt bearbeitet 06.05.2026 22:30:45

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity ...

  • EPSS 1.01%
  • Veröffentlicht 27.05.2014 00:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentic...

  • EPSS 2.99%
  • Veröffentlicht 27.05.2014 00:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-fo...

  • EPSS 1.69%
  • Veröffentlicht 27.05.2014 00:55:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML sourc...