Vulnerabilities > Moodle > Moodle > 2.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-21 | CVE-2012-2366 | Unspecified vulnerability in Moodle. mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. | 5.5 |
2012-07-21 | CVE-2012-2365 | Cross-Site Scripting vulnerability in Moodle. Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. | 3.5 |
2012-07-21 | CVE-2012-2361 | Cross-Site Scripting vulnerability in Moodle. Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. | 3.5 |
2012-07-21 | CVE-2012-2360 | Cross-Site Scripting vulnerability in Moodle. Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. | 3.5 |
2012-07-21 | CVE-2012-2358 | Permissions, Privileges, and Access Controls vulnerability in Moodle. Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | 5.5 |
2012-07-21 | CVE-2012-2356 | Permissions, Privileges, and Access Controls vulnerability in Moodle. The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | 4.0 |
2012-07-21 | CVE-2012-2355 | Permissions, Privileges, and Access Controls vulnerability in Moodle. Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | 4.0 |
2012-07-21 | CVE-2012-2353 | Information Exposure vulnerability in Moodle. Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | 4.0 |
2012-07-20 | CVE-2011-4590 | Improper Authentication vulnerability in Moodle. The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | 4.0 |
2012-07-20 | CVE-2011-4589 | Permissions, Privileges, and Access Controls vulnerability in Moodle. backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | 5.5 |