Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Moodle
(Moodle)| Repositories |
• https://github.com/moodle/moodle
• https://github.com/tinymce/tinymce_spellchecker_php |
| #Vulnerabilities | 521 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-05-15 | CVE-2017-7489 | In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | Moodle | 6.3 | ||
| 2019-07-31 | CVE-2019-10189 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. | Moodle | 4.3 | ||
| 2019-07-31 | CVE-2019-10188 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. | Moodle | 4.3 | ||
| 2019-07-31 | CVE-2019-10187 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. | Moodle | 4.3 | ||
| 2018-01-22 | CVE-2018-1042 | Moodle 3.x has Server Side Request Forgery in the filepicker. | Moodle | 6.5 | ||
| 2019-03-21 | CVE-2019-6970 | Moodle 3.5.x before 3.5.4 allows SSRF. | Moodle | 7.5 | ||
| 2019-03-26 | CVE-2019-3852 | A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities | Moodle | 4.3 | ||
| 2019-03-26 | CVE-2019-3851 | A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page. | Fedora, Moodle | 4.3 | ||
| 2019-03-26 | CVE-2019-3850 | A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits. | Moodle | 6.1 | ||
| 2019-03-25 | CVE-2019-3809 | A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. | Moodle | 10.0 |