Vulnerabilities > Moodle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-07-25 | CVE-2008-3327 | Information Exposure vulnerability in Moodle 1.6.5 Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message. | 4.3 |
| 2008-07-25 | CVE-2008-3325 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | 6.0 |
| 2008-03-25 | CVE-2008-1502 | Cross-Site Scripting vulnerability in multiple products The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. | 4.3 |
| 2008-01-12 | CVE-2008-0123 | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. | 4.3 |
| 2007-07-04 | CVE-2007-3555 | Cross-Site Scripting vulnerability in Moodle 1.7.1 Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. network moodle | 4.3 |
| 2006-12-18 | CVE-2006-6626 | Input Validation vulnerability in Moodle Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. network moodle | 6.8 |
| 2006-12-18 | CVE-2006-6625 | Input Validation vulnerability in Moodle 1.6.1 Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. network moodle | 6.8 |
| 2006-10-10 | CVE-2006-5219 | SQL Injection vulnerability in Moodle 1.6.2 SQL injection vulnerability in blog/index.php in the blog module in Moodle 1.6.2 allows remote attackers to execute arbitrary SQL commands via a double-encoded tag parameter. | 5.1 |
| 2006-09-23 | CVE-2006-4943 | Unspecified vulnerability in Moodle course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | 5.0 |
| 2006-09-23 | CVE-2006-4942 | Unspecified vulnerability in Moodle Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php. | 4.6 |