CVSS: 7.1EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2242
https://notcve.org/view.php?id=CVE-2013-2242
26 Jul 2013 — mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. mod/chat/gui_sockets/index.php en Moodle desde 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1, no considera la ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39628 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2243
https://notcve.org/view.php?id=CVE-2013-2243
26 Jul 2013 — mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document. mod/lesson/pagetypes/matching.php en Moodle 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1, permite a usuarios autenticados remotamente obtener información de respuesta sensible mediante la lectura del código HTML de u... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39546 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2013-2244
https://notcve.org/view.php?id=CVE-2013-2244
26 Jul 2013 — Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field. Multiples vulnerabilidades XSS en lib/conditionlib.php en Moodle 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del valor de la regla condicional de acceso de un campo de... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37516 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2245
https://notcve.org/view.php?id=CVE-2013-2245
26 Jul 2013 — rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. rss/file.php en Moodle a la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1 no implementa adecuadamente el uso de los tokens RSS para suplantación, lo que permi... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2246
https://notcve.org/view.php?id=CVE-2013-2246
26 Jul 2013 — mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. mod/feedback/lib.php en Moodle a la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1 n... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39570 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-4938
https://notcve.org/view.php?id=CVE-2013-4938
26 Jul 2013 — The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. La implementación deLTI (aka IMS-LTI) mod_form en Moodle hasta la 2.1.10, 2.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-40308 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4940
https://notcve.org/view.php?id=CVE-2013-4940
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression. Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.10.2 a la 3.9.1, utilizado en Mo... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4941
https://notcve.org/view.php?id=CVE-2013-4941
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el uploader.swf en el componente Uploader en Yahoo! YUI 3.5.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 50EXPL: 0CVE-2013-4942
https://notcve.org/view.php?id=CVE-2013-4942
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el flashuploader.swf en el componente Uploader en Yahoo! YUI 3.5.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4939
https://notcve.org/view.php?id=CVE-2013-4939
26 Jul 2013 — Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.0.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anteri... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •