CVSS: 4.0EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0129
https://notcve.org/view.php?id=CVE-2014-0129
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors. badges/mybadges.php en Moodle 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no rastrea debidamente el usuario a quien un badge fue entregado, lo que permite a usuarios remotos autenticados modificar la visibilidad de un badge arbitrario a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256424 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0CVE-2013-7341
https://notcve.org/view.php?id=CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. Múltiples vulnerabilidades de XSS en Flowplayer Flash anterior a 3.2.17, utilizado en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2, permiten a atacantes remotos inyectar script Web o HTML arbitrarios (1) proporcionando un playerId manipulado o (2) referenciando un dominio externo, un problema relacionado con CVE-2013-7342. • http://flash.flowplayer.org/documentation/version-history.html http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344 http://openwall.com/lists/oss-security/2014/03/17/1 https://github.com/flowplayer/flash/issues/121 https://moodle.org/mod/forum/discuss.php?d=256420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 61EXPL: 0CVE-2014-2571
https://notcve.org/view.php?id=CVE-2014-2571
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question. Vulnerabilidad de XSS en la función quiz_question_tostring en mod/quiz/editlib.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 permite a usuarios remotos autenticados inyectar script Web o HTML arbitrarios a través de una pregunta de cuestionario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43690 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256416 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0123
https://notcve.org/view.php?id=CVE-2014-0123
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. El subsistema wiki en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no restringe debidamente acceso (1) visualizar y (2) editar, lo que permite a usuarios remotos autenticados realizar operaciones wiki mediante el aprovechamiento del rol de estudiante y el uso de bloque "Recent Activity" de actividad reciente para alcanzar el wiki individual de un estudiante arbitrario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256419 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0127
https://notcve.org/view.php?id=CVE-2014-0127
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time. La implementación time-validation en (1) mod/feedback/complete.php y (2) mod/feedback/complete_guest.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 permite a usuarios remotos autenticados evadir restricciones sobre iniciar una actividad Feedback mediante la selección de un tiempo no disponible. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256417 • CWE-264: Permissions, Privileges, and Access Controls •