CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0CVE-2015-0217
https://notcve.org/view.php?id=CVE-2015-0217
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. filter/mediaplugin/filter.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.7, 2.7.x anterior a 2.7.4, y 2.8.x anterior a 2.8.2 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU o interrupción parcial) a través de una cadena manipulada que coincide con una expresión regular incorrecta. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546 http://openwall.com/lists/oss-security/2015/01/19/1 https://moodle.org/mod/forum/discuss.php?d=278617 • CWE-399: Resource Management Errors •
CVSS: 4.0EPSS: 0%CPEs: 29EXPL: 0CVE-2015-2266
https://notcve.org/view.php?id=CVE-2015-2266
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. message/index.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 no considera la capacidad moodle/site:readallmessages antes de acceder a conversaciones arbitrarias, lo que permite a usuarios remotos autenticados obtener información sensible sobre contactos personales y la cuenta de mensajes no leídos a través de una URL modificada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0CVE-2015-0215
https://notcve.org/view.php?id=CVE-2015-0215
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. calendar/externallib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.7, 2.7.x anterior a 2.7.4, y 2.8.x anterior a 2.8.2 permite a usuarios remotos autenticados obtener información sensible sobre eventos del calendario a través de una solicitud de los servicios web. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017 http://openwall.com/lists/oss-security/2015/01/19/1 https://moodle.org/mod/forum/discuss.php?d=278615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 1CVE-2015-2269 – Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2269
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element. Múltiples vulnerabilidades de XSS en lib/javascript-static.js en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de un atributo (1) alt o (2) title en un elemento IMG. Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags. • https://www.exploit-db.com/exploits/36418 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 19EXPL: 0CVE-2014-7830
https://notcve.org/view.php?id=CVE-2014-7830
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter. Vulnerabilidad de XSS en mod/feedback/mapcourse.php en el módulo Feedback en Moodle hasta 2.4.11, 2.5.x anterior a 2.5.9, 2.6.x anterior a 2.6.6, y 2.7.x anterior a 2.7.3 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios mediante el aprovechamiento de la funcionalidad mod/feedback:mapcourse para proporcionar un parámetro searchcourse. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865 http://openwall.com/lists/oss-security/2014/11/17/11 http://www.securityfocus.com/bid/71119 http://www.securitytracker.com/id/1031215 https://moodle.org/mod/forum/discuss.php?d=275147 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •