Show filters
12 Total Results
Displaying 1-10 of 12
Sort by:
Attacker Value
Unknown

CVE-2018-1044

Disclosure Date: January 22, 2018 (last updated November 26, 2024)
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
0
0
Attacker Value
Unknown

CVE-2018-1042

Disclosure Date: January 22, 2018 (last updated November 26, 2024)
Moodle 3.x has Server Side Request Forgery in the filepicker.
0
0
Attacker Value
Unknown

CVE-2018-1043

Disclosure Date: January 22, 2018 (last updated November 26, 2024)
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
0
0
Attacker Value
Unknown

CVE-2018-1045

Disclosure Date: January 22, 2018 (last updated November 26, 2024)
In Moodle 3.x, there is XSS via a calendar event name.
0
0
Attacker Value
Unknown

CVE-2017-12156

Disclosure Date: September 18, 2017 (last updated November 26, 2024)
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
0
0
Attacker Value
Unknown

CVE-2017-12157

Disclosure Date: September 18, 2017 (last updated November 26, 2024)
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
0
0
Attacker Value
Unknown

CVE-2017-7532

Disclosure Date: July 17, 2017 (last updated November 26, 2024)
In Moodle 3.x, course creators are able to change system default settings for courses.
0
0
Attacker Value
Unknown

CVE-2017-2642

Disclosure Date: July 17, 2017 (last updated November 26, 2024)
Moodle 3.x has user fullname disclosure on the user preferences page.
0
0
Attacker Value
Unknown

CVE-2017-7531

Disclosure Date: July 17, 2017 (last updated November 26, 2024)
In Moodle 3.3, the course overview block reveals activities in hidden courses.
0
0
Attacker Value
Unknown

CVE-2013-4939

Disclosure Date: July 29, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
0
0
View More Topics  Next >