CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3178
https://notcve.org/view.php?id=CVE-2015-3178
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. Vulnerabilidad de XSS en la función external_format_text en lib/externallib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML en una aplicación externa a través de una cadena manipulada que es visible para los servicios web. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74726 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2015-0218
https://notcve.org/view.php?id=CVE-2015-0218
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. Vulnerabilidad de CSRF en auth/shibboleth/logout.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.7, 2.7.x anterior a 2.7.4, y 2.8.x anterior a 2.8.2 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que provocan un cierre de sesión. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964 http://openwall.com/lists/oss-security/2015/01/19/1 https://moodle.org/mod/forum/discuss.php?d=278618 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3179
https://notcve.org/view.php?id=CVE-2015-3179
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. login/confirm.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a usuarios remotos autenticados evadir las restricciones de inicio de sesión mediante el aprovechamiento del acceso a una cuenta suspendida no confirmada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74725 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313686 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3181
https://notcve.org/view.php?id=CVE-2015-3181
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. files/externallib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 no considera la capacidad moodle/user:manageownfiles antes de aprobar una subida de ficheros privados, lo que permite a usuarios remotoa autenticados evadir las restricciones de la gestión de ficheros mediante el uso de servicios web para realizar subidas después de que esta capacidad haya sido revocada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74728 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313688 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3180
https://notcve.org/view.php?id=CVE-2015-3180
lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. lib/navigationlib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a usuarios remotos autenticados obtener información sensible de la estructura de cursos mediante el aprovechamiento del acceso a una cuenta de estudiante con una matrícula suspendida. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74729 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313687 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •