
CVE-2010-2228
https://notcve.org/view.php?id=CVE-2010-2228
28 Jun 2010 — Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. • http://docs.moodle.org/en/Moodle_1.8.13_release_notes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-2229
https://notcve.org/view.php?id=CVE-2010-2229
28 Jun 2010 — Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. • http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-2230
https://notcve.org/view.php?id=CVE-2010-2230
28 Jun 2010 — The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input. • http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-2231
https://notcve.org/view.php?id=CVE-2010-2231
28 Jun 2010 — Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. • http://cvs.moodle.org/moodle/mod/quiz/report/overview/report.php?r1=1.98.2.50&r2=1.98.2.51 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2010-1613
https://notcve.org/view.php?id=CVE-2010-1613
29 Apr 2010 — Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html • CWE-287: Improper Authentication

CVE-2010-1614
https://notcve.org/view.php?id=CVE-2010-1614
29 Apr 2010 — Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-1615
https://notcve.org/view.php?id=CVE-2010-1615
29 Apr 2010 — Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. • http://cvs.moodle.org/moodle/lib/form/selectgroups.php?r1=1.2.4.2&r2=1.2.4.3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2010-1616
https://notcve.org/view.php?id=CVE-2010-1616
29 Apr 2010 — Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

CVE-2010-1617
https://notcve.org/view.php?id=CVE-2010-1617
29 Apr 2010 — user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. • http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2010-1618
https://notcve.org/view.php?id=CVE-2010-1618
29 Apr 2010 — Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')