Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Moodle
(Moodle)| Repositories |
• https://github.com/moodle/moodle
• https://github.com/tinymce/tinymce_spellchecker_php |
| #Vulnerabilities | 521 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-12-31 | CVE-2004-2237 | Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | Moodle | N/A | ||
| 2004-12-31 | CVE-2004-2236 | Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. | Moodle | N/A | ||
| 2004-12-31 | CVE-2004-2233 | Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors. | Moodle | N/A | ||
| 2004-04-30 | CVE-2004-1978 | Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | Moodle | N/A | ||
| 2004-08-06 | CVE-2004-1711 | Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | Moodle | N/A | ||
| 2004-12-31 | CVE-2004-1425 | Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. | Moodle | N/A | ||
| 2004-12-31 | CVE-2004-1424 | Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | Moodle | N/A | ||
| 2004-07-27 | CVE-2004-0725 | Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. | Moodle | N/A | ||
| 2018-07-10 | CVE-2018-10891 | A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank. | Moodle | 7.3 | ||
| 2019-03-26 | CVE-2019-3849 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | Moodle | 8.8 |