Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2017-03-26 CVE-2017-2645 Cross-site Scripting vulnerability in Moodle
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
network
low complexity
moodle CWE-79
6.1
6.1
2017-03-26 CVE-2017-2644 Cross-site Scripting vulnerability in Moodle
In Moodle 3.x, XSS can occur via evidence of prior learning.
network
low complexity
moodle CWE-79
6.1
6.1
2017-03-26 CVE-2017-2643 Information Exposure vulnerability in Moodle 3.2.0/3.2.1
In Moodle 3.2.x, global search displays user names for unauthenticated users.
network
low complexity
moodle CWE-200
5.3
5.3
2017-03-26 CVE-2017-2641 SQL Injection vulnerability in Moodle
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
network
low complexity
moodle CWE-89
critical
 9.8
9.8
2017-01-20 CVE-2017-2578 Cross-site Scripting vulnerability in Moodle
In Moodle 3.x, there is XSS in the assignment submission page.
network
low complexity
moodle CWE-79
6.1
6.1
2017-01-20 CVE-2017-2576 Improper Input Validation vulnerability in Moodle
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
network
low complexity
moodle CWE-20
5.3
5.3
2017-01-20 CVE-2016-8644 Permissions, Privileges, and Access Controls vulnerability in Moodle
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
network
low complexity
moodle CWE-264
5.3
5.3
2017-01-20 CVE-2016-8643 Improper Access Control vulnerability in Moodle
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
network
low complexity
moodle CWE-284
4.3
4.3
2017-01-20 CVE-2016-8642 Improper Access Control vulnerability in Moodle
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
network
low complexity
moodle CWE-284
5.3
5.3
2017-01-20 CVE-2016-7038 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Moodle
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
network
low complexity
moodle CWE-640
7.3
7.3