Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-20 | CVE-2017-5542 | Cross-site Scripting vulnerability in Getsymphony Symphony Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter. | 6.1 |
| 2017-01-20 | CVE-2017-5541 | Path Traversal vulnerability in Getsymphony Symphony Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. | 5.3 |
| 2017-01-20 | CVE-2017-2578 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, there is XSS in the assignment submission page. | 6.1 |
| 2017-01-20 | CVE-2017-2576 | Improper Input Validation vulnerability in Moodle In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | 5.3 |
| 2017-01-20 | CVE-2016-8644 | Permissions, Privileges, and Access Controls vulnerability in Moodle In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | 5.3 |
| 2017-01-20 | CVE-2016-8643 | Improper Access Control vulnerability in Moodle In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | 4.3 |
| 2017-01-20 | CVE-2016-8642 | Improper Access Control vulnerability in Moodle In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | 5.3 |
| 2017-01-20 | CVE-2016-5014 | Information Exposure vulnerability in Moodle In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. | 5.4 |
| 2017-01-20 | CVE-2016-5013 | Injection vulnerability in Moodle In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | 5.4 |
| 2017-01-20 | CVE-2016-5012 | Information Exposure vulnerability in Moodle 3.1.0 In Moodle 3.x, glossary search displays entries without checking user permissions to view them. | 5.3 |