CVE-2017-2576
https://notcve.org/view.php?id=CVE-2017-2576
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en foros. • http://www.securityfocus.com/bid/95649 https://moodle.org/mod/forum/discuss.php?d=345912 • CWE-20: Improper Input Validation •
CVE-2016-8642
https://notcve.org/view.php?id=CVE-2016-8642
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. En Moodle 2.x y 3.x, el motor de consultas permite acceder a archivos que no deberían estar disponibles. • http://www.securityfocus.com/bid/94441 https://moodle.org/mod/forum/discuss.php?d=343275 • CWE-284: Improper Access Control •
CVE-2016-5014
https://notcve.org/view.php?id=CVE-2016-5014
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. En Moodle 2.x y 3.x, un usuario no registrado sigue recibiendo notificaciones de supervisión de eventos aunque no pueda acceder al curso. • http://www.securityfocus.com/bid/92042 https://moodle.org/mod/forum/discuss.php?d=336699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5013
https://notcve.org/view.php?id=CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. En Moodle 2.x y 3.x, puede ocurrir inyección de texto en las cabeceras de email, conduciendo potencialmente a salida de spam. • http://www.securityfocus.com/bid/92040 https://moodle.org/mod/forum/discuss.php?d=336698 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2017-2578
https://notcve.org/view.php?id=CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page. En Moodle 3.x, hay XSS en la página de envío de asignaciones. • http://www.securityfocus.com/bid/95647 https://moodle.org/mod/forum/discuss.php?d=345915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •