Download
| Alert*
oval:org.secpod.oval:def:112208
Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:112223 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:1900815 In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. oval:org.secpod.oval:def:1901014 The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. oval:org.secpod.oval:def:1900889 In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. oval:org.secpod.oval:def:112417 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:112418 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:1901459 In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. oval:org.secpod.oval:def:1901750 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability can access other users" Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging ... oval:org.secpod.oval:def:1901740 A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities oval:org.secpod.oval:def:1901746 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly . Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploit ... |