CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 0CVE-2017-12156
https://notcve.org/view.php?id=CVE-2017-12156
18 Sep 2017 — Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. Moodle 3.x tiene una vulnerabilidad de Cross-Site Scripting (XSS) en el formulario de contacto en la página "non-respondents" en feedback público. • http://www.securityfocus.com/bid/100867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0CVE-2017-12157
https://notcve.org/view.php?id=CVE-2017-12157
18 Sep 2017 — In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. En Moodle 3.x, varios informes de cursos permiten a los profesores visualizar detalles sobre usuarios en los grupos a los que no pueden acceder. • http://www.securityfocus.com/bid/100848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2017-2642
https://notcve.org/view.php?id=CVE-2017-2642
17 Jul 2017 — Moodle 3.x has user fullname disclosure on the user preferences page. Moodle versión 3.x, presenta divulgación de nombre completo del usuario en la página de preferencias del usuario. • http://www.securityfocus.com/bid/99606 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2017-7532
https://notcve.org/view.php?id=CVE-2017-7532
17 Jul 2017 — In Moodle 3.x, course creators are able to change system default settings for courses. En Moodle versión 3.x, los creadores de cursos son capaces de cambiar la configuración por defecto del sistema para los cursos. • http://www.securityfocus.com/bid/99617 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 91EXPL: 0CVE-2013-7341
https://notcve.org/view.php?id=CVE-2013-7341
22 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. Múltiples vulnerabilidades de XSS en Flowplayer Flash anterior a 3.2.17, utilizado en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y ... • http://flash.flowplayer.org/documentation/version-history.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •