CVSS: 5.3 • EPSS: 0% • CPEs: 35 • EXPL: 0

29 Jul 2014 — Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.4 • EPSS: 1% • CPEs: 35 • EXPL: 6

25 Jul 2014 — Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. • https://packetstorm.news/files/id/127624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')