Vulnerabilities > Moodle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-26 | CVE-2017-2644 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, XSS can occur via evidence of prior learning. | 6.1 |
| 2017-03-26 | CVE-2017-2643 | Information Exposure vulnerability in Moodle 3.2.0/3.2.1 In Moodle 3.2.x, global search displays user names for unauthenticated users. | 5.3 |
| 2017-01-20 | CVE-2017-2578 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, there is XSS in the assignment submission page. | 6.1 |
| 2017-01-20 | CVE-2017-2576 | Improper Input Validation vulnerability in Moodle In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | 5.3 |
| 2017-01-20 | CVE-2016-8644 | Permissions, Privileges, and Access Controls vulnerability in Moodle In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | 5.3 |
| 2017-01-20 | CVE-2016-8643 | Improper Access Control vulnerability in Moodle In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | 4.3 |
| 2017-01-20 | CVE-2016-8642 | Improper Access Control vulnerability in Moodle In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | 5.3 |
| 2017-01-20 | CVE-2016-5014 | Information Exposure vulnerability in Moodle In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. | 5.4 |
| 2017-01-20 | CVE-2016-5013 | Injection vulnerability in Moodle In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | 5.4 |
| 2017-01-20 | CVE-2016-5012 | Information Exposure vulnerability in Moodle 3.1.0 In Moodle 3.x, glossary search displays entries without checking user permissions to view them. | 5.3 |