CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2153
https://notcve.org/view.php?id=CVE-2016-2153
22 May 2016 — Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field. Vulnerabilidad de XSS en la funcionalidad advanced-search en mod_data en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11,... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2154
https://notcve.org/view.php?id=CVE-2016-2154
22 May 2016 — admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule. admin/tool/monitor/lib.php en Event Monitor en Moodle 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones anteriores a 3.0.3 no considera la capacidad moodle/course:viewhiddencourses,... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2155
https://notcve.org/view.php?id=CVE-2016-2155
22 May 2016 — The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role. La funcionalidad grade-reporting en Singleview (también conocida como Single View) en Moodle 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones anteriores... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2156
https://notcve.org/view.php?id=CVE-2016-2156
22 May 2016 — calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request. alendar/externallib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2157
https://notcve.org/view.php?id=CVE-2016-2157
22 May 2016 — Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. Vulnerabilidad de CSRF en mod/assign/adminmanageplugins.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteri... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2158
https://notcve.org/view.php?id=CVE-2016-2158
22 May 2016 — lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request. lib/ajax/getnavbranch.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2159
https://notcve.org/view.php?id=CVE-2016-2159
22 May 2016 — The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. La función save_submission en mod/assign/externallib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-0724
https://notcve.org/view.php?id=CVE-2016-0724
22 Feb 2016 — The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request. Los servicios web (1) core_enrol_get_course_enrolment_methods y (2) enrol_self_get_instance_info en Moodle hasta la versión 2.6.11, 2.7.x en... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2016-0725
https://notcve.org/view.php?id=CVE-2016-0725
22 Feb 2016 — Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. Vulnerabilidad de XSS en la función search_pagination en course/classes/management_renderer.php en Moodle 2.8.x en versiones anteriores a 2.8.10, 2.9.x en versiones anteriores a 2.9.4 y 3.0.x en versiones anteriores a 3.0.2 permi... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •