Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.7.0 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-3549
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x prior to 2.7.1 allows remote malicious users to inject arbitrary web script or HTML via a crafted username that is improperly handled during the log...
Moodle Moodle 2.7.0
4.3
CVSSv2
CVE-2014-3550
Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.
Moodle Moodle 2.7.0
4
CVSSv2
CVE-2015-5272
The Forum module in Moodle 2.7.x prior to 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
Moodle Moodle 2.7.1
Moodle Moodle 2.7.6
Moodle Moodle 2.7.2
Moodle Moodle 2.7.4
Moodle Moodle 2.7.9
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.7.0
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
4.3
CVSSv2
CVE-2014-3547
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x prior to 2.5.7, 2.6.x prior to 2.6.4, and 2.7.x prior to 2.7.1 allow remote malicious users to inject arbitrary web script or HTML via an external badge.
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle 2.5.6
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
4
CVSSv2
CVE-2014-7833
mod/data/edit.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the data...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
5.5
CVSSv2
CVE-2014-7837
mod/wiki/admin.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
3.5
CVSSv2
CVE-2014-7830
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by lev...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
4
CVSSv2
CVE-2014-7834
mod/forum/externallib.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
2.1
CVSSv2
CVE-2014-7835
webservice/upload.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) atta...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
4.3
CVSSv2
CVE-2014-9059
lib/setup.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide charset information in HTTP headers, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via UTF-7 characte...
Moodle Moodle 2.7.1
Moodle Moodle 2.5.1
Moodle Moodle 2.5.3
Moodle Moodle 2.5.7
Moodle Moodle 2.7.2
Moodle Moodle 2.5.5
Moodle Moodle 2.6.1
Moodle Moodle 2.5.2
Moodle Moodle
Moodle Moodle 2.5.8
Moodle Moodle 2.5.6
Moodle Moodle 2.6.5
Moodle Moodle 2.6.2
Moodle Moodle 2.7.0
Moodle Moodle 2.6.4
Moodle Moodle 2.5.4
Moodle Moodle 2.6.3
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »