Download
| Alert*
oval:org.secpod.oval:def:111979
Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:111986 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:112223 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:112208 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:1900747 In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. oval:org.secpod.oval:def:1900815 In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. oval:org.secpod.oval:def:112417 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:112418 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:1900913 Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. oval:org.secpod.oval:def:1900905 In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. oval:org.secpod.oval:def:1901014 The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users. oval:org.secpod.oval:def:1900889 In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. oval:org.secpod.oval:def:1901196 In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. oval:org.secpod.oval:def:1901254 In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. oval:org.secpod.oval:def:1901311 In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. oval:org.secpod.oval:def:1901433 In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. oval:org.secpod.oval:def:1901430 Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions. oval:org.secpod.oval:def:113273 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:113265 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:1901459 In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. oval:org.secpod.oval:def:1901420 In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. oval:org.secpod.oval:def:1901425 In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can"t access. oval:org.secpod.oval:def:1901750 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability can access other users" Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging ... oval:org.secpod.oval:def:1901740 A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities oval:org.secpod.oval:def:1901746 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly . Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploit ... |