Moodle
(Moodle)| Repositories |
•
https://github.com/moodle/moodle
• https://github.com/tinymce/tinymce_spellchecker_php |
| #Vulnerabilities | 398 |
| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2020-05-21 | CVE-2020-10738 | A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. | Moodle | N/A | |
| 2020-03-31 | CVE-2019-14880 | A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. | Moodle | N/A | |
| 2020-03-18 | CVE-2019-14881 | A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. | Moodle | N/A | |
| 2020-01-07 | CVE-2019-14879 | A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable). | Moodle | N/A | |
| 2020-03-18 | CVE-2019-14883 | A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token. | Moodle | N/A | |
| 2020-03-18 | CVE-2019-14884 | A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages. | Moodle | N/A | |
| 2020-03-18 | CVE-2019-14882 | A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | Moodle | N/A | |
| 2020-02-17 | CVE-2020-1692 | Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | Moodle | N/A | |
| 2020-02-11 | CVE-2019-18210 | Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. NOTE: the discoverer and vendor disagree on whether Moodle customers have a reasonable expectation that anyone authenticated as a Teacher can be trusted with the ability to add arbitrary JavaScript (this ability is not documented on Moodle's... | Moodle | N/A | |
| 2012-07-17 | CVE-2012-0797 | The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | Moodle | N/A |