CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2578
https://notcve.org/view.php?id=CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page. En Moodle 3.x, hay XSS en la página de envío de asignaciones. • http://www.securityfocus.com/bid/95647 https://moodle.org/mod/forum/discuss.php?d=345915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-5012
https://notcve.org/view.php?id=CVE-2016-5012
In Moodle 3.x, glossary search displays entries without checking user permissions to view them. En Moodle 3.x, la búsqueda de glosario muestra entradas sin verificar los permisos de usuario para verlas. • http://www.securityfocus.com/bid/92041 https://moodle.org/mod/forum/discuss.php?d=336697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0CVE-2016-7038
https://notcve.org/view.php?id=CVE-2016-7038
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. En Moodle 2.x y 3.x, tokens de servicio web no son invalidados cuando la contraseña de usuario es cambiada o se obliga a cambiarla. • http://www.securityfocus.com/bid/93174 https://moodle.org/mod/forum/discuss.php?d=339631 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-8642
https://notcve.org/view.php?id=CVE-2016-8642
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. En Moodle 2.x y 3.x, el motor de consultas permite acceder a archivos que no deberían estar disponibles. • http://www.securityfocus.com/bid/94441 https://moodle.org/mod/forum/discuss.php?d=343275 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-8643
https://notcve.org/view.php?id=CVE-2016-8643
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. En Moodle 2.x y 3.x, gestores del sitio no administradores podrían editar accidentalmente los administradores a través de los servicios web. • http://www.securityfocus.com/bid/94457 https://moodle.org/mod/forum/discuss.php?d=343276 • CWE-284: Improper Access Control •