CVE-2016-5013
https://notcve.org/view.php?id=CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. En Moodle 2.x y 3.x, puede ocurrir inyección de texto en las cabeceras de email, conduciendo potencialmente a salida de spam. • http://www.securityfocus.com/bid/92040 https://moodle.org/mod/forum/discuss.php?d=336698 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2017-2578
https://notcve.org/view.php?id=CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page. En Moodle 3.x, hay XSS en la página de envío de asignaciones. • http://www.securityfocus.com/bid/95647 https://moodle.org/mod/forum/discuss.php?d=345915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-8643
https://notcve.org/view.php?id=CVE-2016-8643
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. En Moodle 2.x y 3.x, gestores del sitio no administradores podrían editar accidentalmente los administradores a través de los servicios web. • http://www.securityfocus.com/bid/94457 https://moodle.org/mod/forum/discuss.php?d=343276 • CWE-284: Improper Access Control •
CVE-2016-5012
https://notcve.org/view.php?id=CVE-2016-5012
In Moodle 3.x, glossary search displays entries without checking user permissions to view them. En Moodle 3.x, la búsqueda de glosario muestra entradas sin verificar los permisos de usuario para verlas. • http://www.securityfocus.com/bid/92041 https://moodle.org/mod/forum/discuss.php?d=336697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9188
https://notcve.org/view.php?id=CVE-2016-9188
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. Vulnerabilidades de XSS en Moodle CMS en o en versiones anteriores a 3.1.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los parámetros s_additionalhtmlhead, s_additionalhtmltopofbody y s_additionalhtmlfooter parameters. • http://www.securityfocus.com/bid/94189 https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •