Vulnerabilities > Moodle > Moodle > 2.7.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-04 | CVE-2018-1081 | Unspecified vulnerability in Moodle A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. | 5.3 |
| 2018-01-22 | CVE-2018-1045 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, there is XSS via a calendar event name. | 5.4 |
| 2018-01-22 | CVE-2018-1044 | Information Exposure vulnerability in Moodle In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | 4.3 |
| 2018-01-22 | CVE-2018-1042 | Server-Side Request Forgery (SSRF) vulnerability in Moodle Moodle 3.x has Server Side Request Forgery in the filepicker. | 6.5 |
| 2017-11-20 | CVE-2017-15110 | Information Exposure vulnerability in Moodle In Moodle 3.x, students can find out email addresses of other students in the same course. | 4.3 |
| 2017-05-15 | CVE-2017-7491 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | 4.3 |
| 2017-05-15 | CVE-2017-7490 | Exposure of Resource to Wrong Sphere vulnerability in Moodle In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | 5.3 |
| 2017-05-15 | CVE-2017-7489 | Improper Privilege Management vulnerability in Moodle In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | 6.3 |
| 2017-04-20 | CVE-2016-3734 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read. | 8.8 |
| 2017-04-20 | CVE-2016-3733 | Improper Access Control vulnerability in Moodle The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | 4.3 |