CVSS: 6.1EPSS: 13%CPEs: 18EXPL: 3CVE-2013-4341 – Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4341
16 Sep 2013 — Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed. Múltiples vulnerabilidades de XSS en Moodle de la versión 2.2.11, 2.3.x anterior a 2.3.9, 2.4.x anterior a 2.4.6, y 2.5.x anterior a 2.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un enlace al blog dentro de... • https://packetstorm.news/files/id/164479 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5674
https://notcve.org/view.php?id=CVE-2013-5674
16 Sep 2013 — badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter. badges/external.php en Moodle 2.5.x anteriores a 2.5.2 no maneja adecuadamente un objeto obtenido deserializando una descripción de badge externo, lo que permite a un atacante remoto realizar ataques de in... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40924 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2244
https://notcve.org/view.php?id=CVE-2013-2244
26 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field. Multiples vulnerabilidades XSS en lib/conditionlib.php en Moodle 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del valor de la regla condicional de acceso de un campo de... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4941
https://notcve.org/view.php?id=CVE-2013-4941
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el uploader.swf en el componente Uploader en Yahoo! YUI 3.5.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0CVE-2013-4942
https://notcve.org/view.php?id=CVE-2013-4942
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el flashuploader.swf en el componente Uploader en Yahoo! YUI 3.5.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2245
https://notcve.org/view.php?id=CVE-2013-2245
26 Jul 2013 — rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. rss/file.php en Moodle a la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1 no implementa adecuadamente el uso de los tokens RSS para suplantación, lo que permi... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4940
https://notcve.org/view.php?id=CVE-2013-4940
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression. Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.10.2 a la 3.9.1, utilizado en Mo... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2243
https://notcve.org/view.php?id=CVE-2013-2243
26 Jul 2013 — mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document. mod/lesson/pagetypes/matching.php en Moodle 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1, permite a usuarios autenticados remotamente obtener información de respuesta sensible mediante la lectura del código HTML de u... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39546 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-4938
https://notcve.org/view.php?id=CVE-2013-4938
26 Jul 2013 — The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. La implementación deLTI (aka IMS-LTI) mod_form en Moodle hasta la 2.1.10, 2.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4939
https://notcve.org/view.php?id=CVE-2013-4939
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.0.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anteri... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •