CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2015-5337
https://notcve.org/view.php?id=CVE-2015-5337
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file. Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 no restringe adecuadamente la disponibilidad de Flowplayer, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) a través de un archivo .swf manipulado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085 https://moodle.org/mod/forum/discuss.php?d=323232 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2016-0725
https://notcve.org/view.php?id=CVE-2016-0725
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. Vulnerabilidad de XSS en la función search_pagination en course/classes/management_renderer.php en Moodle 2.8.x en versiones anteriores a 2.8.10, 2.9.x en versiones anteriores a 2.9.4 y 3.0.x en versiones anteriores a 3.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una cadena de búsqueda manipulada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176502.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176436.html http://www.openwall.com/lists/oss-security/2016/01/18/1 http://www.securitytracker.com/id/1034694 https://moodle.org/mod/forum/discuss.php?d=326206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2267
https://notcve.org/view.php?id=CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. mdeploy.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permite a usuarios remotos autenticados evadir las restricciones de acceso y extraer archivos a directorios arbitrarios a través de un valor dataroot manipulado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307381 • CWE-284: Improper Access Control •
CVSS: 6.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2268
https://notcve.org/view.php?id=CVE-2015-2268
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. filter/urltolink/filter.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU o interrupción parcial) a través de una cadena manipulada que coincide con una expresión regular incorrecta. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307382 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3176
https://notcve.org/view.php?id=CVE-2015-3176
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. La característica de la confirmación de cuentas en login/confirm.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a atacantes remotos obtener información sensible de nombres completos mediante el intento de autoregistrarse. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74644 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •