moodle

629 tracked vulnerabilities.

CVE-2016-5014 MEDIUM
Moodle 2.x-3.1.0 - Unauthorized Exposure of Sensitive Information via Event Monitor Notifications
Jan 20, 2017
CVSS 5.4
EPSS 0.00
CVE-2016-5013 MEDIUM
Moodle < 2.7.14 and 3.1-3.1.1 - Email Header Injection
Jan 20, 2017
CVSS 5.4
EPSS 0.00
CVE-2016-5012 MEDIUM
Moodle 3.1 - Exposure of Sensitive Information via Glossary Search
Jan 20, 2017
CVSS 5.3
EPSS 0.00
CVE-2016-9188 MEDIUM
Moodle < 3.1.2 - Cross-Site Scripting via HTML Parameters
Nov 04, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-9187 HIGH
Moodle < 3.1.2 - Authenticated Unrestricted File Upload via Double Extension Bypass
Nov 04, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-9186 HIGH
Moodle < 3.1.2 - Authenticated Unrestricted File Upload with Dangerous Type
Nov 04, 2016
CVSS 8.8
EPSS 0.02
CVE-2016-7919 HIGH
Moodle 3.1.2 - Exposure of Sensitive Information via SQL Injection in Installation Process
Oct 28, 2016
CVSS 7.5
EPSS 0.00
CVE-2016-2190 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Information Disclosure via Referer Log
May 22, 2016
CVSS 5.3
EPSS 0.00
CVE-2016-2159 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Auth Bypass via Web-Service
May 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-2158 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Sensitive Information Exposure
May 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-2157 HIGH
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - CSRF in Assignment Plugin
May 22, 2016
CVSS 8.8
EPSS 0.00
CVE-2016-2156 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Sensitive Information Exposure
May 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-2155 MEDIUM
Moodle 2.8.0-2.8.10 - Authenticated Grade Report Manipulation via Single View
May 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-2154 MEDIUM
Moodle 2.8.0-2.8.10 - Authenticated Hidden Course Name Exposure via Event Monitor Subscription
May 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-2153 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - XSS via Advanced Search URL Parameter
May 22, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-2152 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - XSS via External DB Profile Field
May 22, 2016
CVSS 6.1
EPSS 0.00
CVE-2016-2151 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Sensitive Information Exposure
May 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2016-0725 MEDIUM
Moodle <2.8.10-3.0.2 - XSS
Feb 22, 2016
CVSS 6.1
EPSS 0.01
CVE-2016-0724 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.12, 2.8.x < 2.8.10, 2.9.x < 2.9.4, 3.0.x < 3.0.2 - Information Disclosure
Feb 22, 2016
CVSS 4.3
EPSS 0.01
CVE-2015-5342 MEDIUM
Moodle <2.6.11, <2.7.11, <2.8.9, <2.9.3 - Auth Bypass
Feb 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2015-5341 MEDIUM
Moodle <2.6.11, <2.7.11, <2.8.9, <2.9.3 - Privilege Escalation
Feb 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2015-5340 MEDIUM
Moodle <2.6.11-2.9.3 - Info Disclosure
Feb 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2015-5339 MEDIUM
Moodle <2.6.11, <2.7.11, <2.8.9, <2.9.3 - Info Disclosure
Feb 22, 2016
CVSS 4.3
EPSS 0.00
CVE-2015-5338 HIGH
Moodle < 2.6.11, 2.7.x < 2.7.11, 2.8.x < 2.8.9, 2.9.x < 2.9.3 - Cross-Site Request Forgery in Lesson Module
Feb 22, 2016
CVSS 8.8
EPSS 0.00
CVE-2015-5337 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.11, 2.8.x < 2.8.9, 2.9.x < 2.9.3 - Cross-Site Scripting via Crafted SWF File
Feb 22, 2016
CVSS 6.1
EPSS 0.00
Products
moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1
Quick Filters
Critical CVEs With Exploits In CISA KEV