CVSS: 5.4EPSS: 0%CPEs: 35EXPL: 0CVE-2014-3553
https://notcve.org/view.php?id=CVE-2014-3553
29 Jul 2014 — mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships. mod/forum/classes/post_form.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 1%CPEs: 35EXPL: 6CVE-2014-3544 – Moodle 2.7 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-3544
25 Jul 2014 — Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. Vulnerabilidad de XSS en user/profile.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permite a usuarios remotos autenticados inyectar secuencias de comandos w... • https://packetstorm.news/files/id/127624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •