Show filters
16 Total Results
Displaying 11-16 of 16
Sort by:
Attacker Value
Unknown
CVE-2017-7490
Disclosure Date: May 15, 2017 (last updated November 26, 2024)
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
0
Attacker Value
Unknown
CVE-2017-2641
Disclosure Date: March 26, 2017 (last updated November 26, 2024)
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
0
Attacker Value
Unknown
CVE-2017-2643
Disclosure Date: March 26, 2017 (last updated November 26, 2024)
In Moodle 3.2.x, global search displays user names for unauthenticated users.
0
Attacker Value
Unknown
CVE-2017-2644
Disclosure Date: March 26, 2017 (last updated November 26, 2024)
In Moodle 3.x, XSS can occur via evidence of prior learning.
0
Attacker Value
Unknown
CVE-2017-2645
Disclosure Date: March 26, 2017 (last updated November 26, 2024)
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
0
Attacker Value
Unknown
CVE-2013-7341
Disclosure Date: March 24, 2014 (last updated October 05, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
0
