Skip to main content
CVE-2015-2269 LOW POC PATCH Monitor

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

XSS Moodle
NVD Exploit-DB
CVSS 2.0
3.5
EPSS
0.5%
CVE-2015-1493 MEDIUM PATCH This Month

Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Moodle
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2015-2268 MEDIUM PATCH This Month

filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service PHP Moodle
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-0217 MEDIUM PATCH This Month

filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service PHP Moodle
NVD
CVSS 2.0
6.8
EPSS
0.6%
CVE-2015-0218 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF PHP Moodle
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0213 MEDIUM PATCH This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

CSRF PHP Moodle
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-3175 MEDIUM PATCH This Month

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Open Redirect Moodle
NVD
CVSS 2.0
5.8
EPSS
0.4%
CVE-2015-3176 MEDIUM PATCH This Month

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2270 MEDIUM PATCH This Month

lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-3181 MEDIUM PATCH This Month

files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation File Upload Moodle
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-3180 MEDIUM PATCH This Month

lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-2272 MEDIUM PATCH This Month

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-2271 MEDIUM PATCH This Month

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0214 MEDIUM PATCH This Month

message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-2266 MEDIUM PATCH This Month

message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0211 MEDIUM PATCH This Month

mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-2267 MEDIUM PATCH This Month

mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

PHP Authentication Bypass Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-0215 MEDIUM PATCH This Month

calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2015-3179 LOW PATCH Monitor

login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

PHP Privilege Escalation Moodle
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-3177 LOW Monitor

Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Moodle
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2015-0216 LOW PATCH Monitor

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3174 LOW PATCH Monitor

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Moodle
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-2273 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-0212 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-3178 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

XSS PHP Moodle
NVD
CVSS 2.0
3.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy