Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Moodle
(Moodle)| Repositories |
• https://github.com/moodle/moodle
• https://github.com/tinymce/tinymce_spellchecker_php |
| #Vulnerabilities | 521 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-04-30 | CVE-2004-1978 | Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | Moodle | N/A | ||
| 2004-08-06 | CVE-2004-1711 | Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | Moodle | N/A | ||
| 2004-12-31 | CVE-2004-1425 | Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. | Moodle | N/A | ||
| 2004-12-31 | CVE-2004-1424 | Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | Moodle | N/A | ||
| 2004-07-27 | CVE-2004-0725 | Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. | Moodle | N/A | ||
| 2018-07-10 | CVE-2018-10891 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank. | Moodle | 7.3 | ||
| 2019-03-26 | CVE-2019-3849 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | Moodle | 8.8 | ||
| 2019-03-25 | CVE-2019-3808 | A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default. | Moodle | 5.4 | ||
| 2018-04-04 | CVE-2018-1081 | A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. | Moodle | N/A | ||
| 2018-05-25 | CVE-2018-1133 | An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. | Moodle | 8.8 |