CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2364
https://notcve.org/view.php?id=CVE-2012-2364
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en lib/filelib.php en Moodle v2.0.x antgeriores a v2.0.9, v2.1.x anteriores v2.1.6, y v2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un asignación de presentación con compresión ZIP, que conduce a un dibujo de un fichero text/html durante una acción "download all". • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=ce4126c7a9e07dd0514f7ac297b5e60cad0b8d20 http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2365
https://notcve.org/view.php?id=CVE-2012-2365
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteiores a v2.1.6, y 2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo idnumber sobre cohort/edit.php. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31691 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82072 https://moodle.org/mod/forum/discuss.php?d=203055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2012-2367
https://notcve.org/view.php?id=CVE-2012-2367
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Moodle v1.9.x anteriores a v1.9.18, 2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos moodle/calendar:manageownentries y añadir una entrada a calendario a través de una acción nueva entrada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82074 http://www.securityfocus.com/bid/53626 https://moodle.org/mod/forum/discuss.php?d=203057 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2360
https://notcve.org/view.php?id=CVE-2012-2360
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el subsistema Wiki en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una cadena manipuladaque es insertada en eñtçitulo de la página. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32018 http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2354
https://notcve.org/view.php?id=CVE-2012-2354
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos de la característica moodle/site:readallmessages y leer mensajes utilizando la característica "Recent conversations" con un parámetro modificado en la URL. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=48e03792ca8faa2d781f9ef74606f3b3f0d3baec http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-264: Permissions, Privileges, and Access Controls •