CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2153
https://notcve.org/view.php?id=CVE-2016-2153
22 May 2016 — Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field. Vulnerabilidad de XSS en la funcionalidad advanced-search en mod_data en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11,... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2156
https://notcve.org/view.php?id=CVE-2016-2156
22 May 2016 — calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request. alendar/externallib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2157
https://notcve.org/view.php?id=CVE-2016-2157
22 May 2016 — Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. Vulnerabilidad de CSRF en mod/assign/adminmanageplugins.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteri... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2158
https://notcve.org/view.php?id=CVE-2016-2158
22 May 2016 — lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request. lib/ajax/getnavbranch.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2159
https://notcve.org/view.php?id=CVE-2016-2159
22 May 2016 — The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. La función save_submission en mod/assign/externallib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 21EXPL: 0CVE-2015-3275
https://notcve.org/view.php?id=CVE-2015-3275
22 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php. Múltiples vulnerabilidades de XSS en el módulo SCORM en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.9, 2.8.x en versiones anteriores a 2.8.7 y 2.9.x en versiones anteriores a ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2015-5335
https://notcve.org/view.php?id=CVE-2015-5335
22 Feb 2016 — Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL. Vulnerabilidad de CSRF en admin/registration/register.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2015-5336
https://notcve.org/view.php?id=CVE-2015-5336
22 Feb 2016 — Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer. Múltiples vulnerabilidades de XSS en el módulo survey en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 p... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2015-5337
https://notcve.org/view.php?id=CVE-2015-5337
22 Feb 2016 — Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file. Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 no restringe adecuadamente la disponibilidad de Flowplayer, lo que permite a atacantes remotos llevar a cabo ataque... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 24EXPL: 0CVE-2015-5338
https://notcve.org/view.php?id=CVE-2015-5338
22 Feb 2016 — Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php. Múltiples vulnerabilidades de CSRF en el módulo lesson en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriore... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109 • CWE-352: Cross-Site Request Forgery (CSRF) •