CVE-2017-2644
https://notcve.org/view.php?id=CVE-2017-2644
In Moodle 3.x, XSS can occur via evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96979 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2645
https://notcve.org/view.php?id=CVE-2017-2645
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de adjuntos a la evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96982 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-2578
https://notcve.org/view.php?id=CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page. En Moodle 3.x, hay XSS en la página de envío de asignaciones. • http://www.securityfocus.com/bid/95647 https://moodle.org/mod/forum/discuss.php?d=345915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-5012
https://notcve.org/view.php?id=CVE-2016-5012
In Moodle 3.x, glossary search displays entries without checking user permissions to view them. En Moodle 3.x, la búsqueda de glosario muestra entradas sin verificar los permisos de usuario para verlas. • http://www.securityfocus.com/bid/92041 https://moodle.org/mod/forum/discuss.php?d=336697 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-7038
https://notcve.org/view.php?id=CVE-2016-7038
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. En Moodle 2.x y 3.x, tokens de servicio web no son invalidados cuando la contraseña de usuario es cambiada o se obliga a cambiarla. • http://www.securityfocus.com/bid/93174 https://moodle.org/mod/forum/discuss.php?d=339631 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •