CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2273
https://notcve.org/view.php?id=CVE-2015-2273
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response. Vulnerabilidad de XSS en mod/quiz/report/statistics/statistics_question_table.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML mediante el aprovechamiento del role de estudiante para una respuesta de cuestionario manipulada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307387 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3180
https://notcve.org/view.php?id=CVE-2015-3180
lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. lib/navigationlib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a usuarios remotos autenticados obtener información sensible de la estructura de cursos mediante el aprovechamiento del acceso a una cuenta de estudiante con una matrícula suspendida. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74729 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313687 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2272
https://notcve.org/view.php?id=CVE-2015-2272
login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token. login/token.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permite a usuarios remotos autenticados evadir un requisito de cambio de contraseña forzado mediante la creación de un token de servicios web. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691 http://openwall.com/lists/oss-security/2015/03/16/1 http://www.securityfocus.com/bid/73166 https://moodle.org/mod/forum/discuss.php?d=307386 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3178
https://notcve.org/view.php?id=CVE-2015-3178
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. Vulnerabilidad de XSS en la función external_format_text en lib/externallib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML en una aplicación externa a través de una cadena manipulada que es visible para los servicios web. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74726 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2266
https://notcve.org/view.php?id=CVE-2015-2266
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. message/index.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 no considera la capacidad moodle/site:readallmessages antes de acceder a conversaciones arbitrarias, lo que permite a usuarios remotos autenticados obtener información sensible sobre contactos personales y la cuenta de mensajes no leídos a través de una URL modificada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •