Vulnerabilities > Moodle > Moodle > 2.7.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-02-22 | CVE-2015-5336 | Cross-site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer. | 3.5 |
2016-02-22 | CVE-2015-5335 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL. | 4.3 |