Search CVE reports
241 – 250 of 582 results
CVE-2017-2578
Low priorityIn Moodle 3.x, there is XSS in the assignment submission page.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2017-2576
Low priorityIn Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-8644
Medium priorityIn Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-8643
Medium priorityIn Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-8642
Medium priorityIn Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-7038
Low priorityIn Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-5014
Low priorityIn Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-5013
Medium priorityIn Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2016-5012
Low priorityIn Moodle 3.x, glossary search displays entries without checking user permissions to view them.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Not affected | Not affected |
CVE-2016-9188
Medium priorityCross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Ignored | Ignored |