| CVE-2016-3734 |
high |
8.8 |
8.8 |
|
|
moodle |
9y ago |
Moodle Cross-site request forgery (CSRF) vulnerability |
| CVE-2016-7038 |
high |
7.3 |
7.3 |
|
|
moodle |
10y ago |
Moodle Weak Password Recovery Mechanism for Forgotten Password |
| CVE-2016-9187 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Moodle Unrestricted file upload vulnerability |
| CVE-2016-9186 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an … |
| CVE-2016-7919 |
high |
7.5 |
7.5 |
|
|
moodle |
10y ago |
Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation proces… |
| CVE-2016-2157 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Moodle cross-site request forgery (CSRF) vulnerability |
| CVE-2015-5338 |
high |
8.8 |
8.8 |
|
|
moodle |
10y ago |
Moodle multiple cross-site request forgery (CSRF) vulnerabilities |
| CVE-2015-5267 |
high |
7.5 |
7.5 |
|
|
moodle |
10y ago |
Moodle uses predictable password-recovery tokens |
| CVE-2015-3272 |
high |
7.4 |
7.4 |
|
|
moodle |
10y ago |
Moodle open redirect vulnerability |
| CVE-2015-3179 |
low |
— |
3.5 |
|
|
moodle |
11y ago |
Moodle allows attackers to bypass intended login restrictions |
| CVE-2015-3178 |
low |
— |
3.5 |
|
|
moodle |
11y ago |
Moodle cross-site scripting (XSS) vulnerability |
| CVE-2015-3177 |
low |
— |
3.5 |
|
|
moodle |
11y ago |
Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sen… |
| CVE-2015-3174 |
low |
— |
3.5 |
|
|
moodle |
11y ago |
Moodle does not set the RISK_XSS bit for graders |
| CVE-2015-2273 |
low |
— |
3.5 |
|
|
moodle |
11y ago |
Moodle cross-site scripting (XSS) vulnerability |
| CVE-2015-2269 |
low |
— |
4.5 |
EXP |
|
moodle |
11y ago |
Moodle XSS Vulnerability |
| CVE-2015-0216 |
low |
— |
3.5 |
|
|
moodle |
11y ago |
Moodle does not set the RISK_XSS bit for graders |
| CVE-2015-0212 |
low |
— |
3.5 |
|
|
moodle |
11y ago |
Moodle cross-site scripting (XSS) vulnerability |
| CVE-2014-7845 |
high |
— |
7.5 |
|
|
moodle |
12y ago |
Moodle Temporary Passwords are Brute Force-able |
| CVE-2014-7835 |
low |
— |
2.1 |
|
|
moodle |
12y ago |
Moodle allows attackers to upload files containing JavaScript |
| CVE-2014-7830 |
low |
— |
3.5 |
|
|
moodle |
12y ago |
Moodle cross-site scripting (XSS) vulnerability |
| CVE-2014-3551 |
low |
— |
3.5 |
|
|
moodle |
12y ago |
Moodle multiple cross-site scripting (XSS) vulnerabilities |
| CVE-2014-3544 |
low |
— |
4.5 |
EXP |
|
moodle |
12y ago |
Moodle cross-site scripting (XSS) vulnerability |
| CVE-2014-3541 |
high |
— |
7.5 |
|
|
moodle |
12y ago |
Moodle vulnerable to PHP object injection attacks |
| CVE-2014-2571 |
low |
— |
3.5 |
|
|
moodle |
12y ago |
Moodle cross-site scripting (XSS) vulnerability |
| CVE-2013-4525 |
low |
— |
3.5 |
|
|
moodle |
13y ago |
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authe… |
| CVE-2013-4523 |
low |
— |
3.5 |
|
|
moodle |
13y ago |
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbit… |
| CVE-2013-5674 |
high |
— |
7.5 |
|
|
moodle |
13y ago |
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object i… |
| CVE-2013-4313 |
high |
— |
7.5 |
|
|
moodle |
13y ago |
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injec… |
| CVE-2013-1835 |
low |
— |
3.5 |
|
|
moodle |
13y ago |
Moodle's login_as feature leaks information from external repositories |
| CVE-2013-1833 |
low |
— |
3.5 |
|
|
moodle |
13y ago |
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module |
| CVE-2012-3396 |
low |
— |
3.5 |
|
|
moodle |
14y ago |
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrato… |
| CVE-2012-3393 |
low |
— |
3.5 |
|
|
moodle |
14y ago |
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by… |
| CVE-2012-3390 |
low |
— |
3.5 |
|
|
moodle |
14y ago |
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive i… |
| CVE-2012-2365 |
low |
— |
3.5 |
|
|
moodle |
14y ago |
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnu… |
| CVE-2012-2364 |
low |
— |
3.5 |
|
|
moodle |
14y ago |
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script o… |
| CVE-2012-2362 |
low |
— |
2.6 |
|
|
moodle |
14y ago |
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web scri… |
| CVE-2012-2361 |
low |
— |
3.5 |
|
|
moodle |
14y ago |
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authen… |
| CVE-2012-2360 |
low |
— |
3.5 |
|
|
moodle |
14y ago |
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web scrip… |
| CVE-2012-0801 |
high |
— |
7.5 |
|
|
moodle |
14y ago |
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. |
| CVE-2012-0800 |
low |
— |
2.1 |
|
|
moodle |
14y ago |
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the … |
| CVE-2010-1615 |
high |
— |
7.5 |
|
|
moodle |
16y ago |
Moodle vulnerable to SQL injection |
