Vulnerabilities > Moodle > Moodle > 2.2.1

DATE CVE VULNERABILITY TITLE RISK
2012-07-21 CVE-2012-2366 Unspecified vulnerability in Moodle
mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.
network
low complexity
moodle
5.5
5.5
2012-07-21 CVE-2012-2365 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
network
moodle CWE-79
3.5
3.5
2012-07-21 CVE-2012-2361 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
network
moodle CWE-79
3.5
3.5
2012-07-21 CVE-2012-2360 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
network
moodle CWE-79
3.5
3.5
2012-07-21 CVE-2012-2358 Permissions, Privileges, and Access Controls vulnerability in Moodle
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist.
network
low complexity
moodle CWE-264
5.5
5.5
2012-07-21 CVE-2012-2356 Permissions, Privileges, and Access Controls vulnerability in Moodle
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
network
low complexity
moodle CWE-264
4.0
4.0
2012-07-21 CVE-2012-2355 Permissions, Privileges, and Access Controls vulnerability in Moodle
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
network
low complexity
moodle CWE-264
4.0
4.0
2012-07-21 CVE-2012-2353 Information Exposure vulnerability in Moodle
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
network
low complexity
moodle CWE-200
4.0
4.0