Max CVSS | 6.8 | Min CVSS | 3.5 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-0213 | 6.8 |
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to
|
01-12-2020 - 14:54 | 01-06-2015 - 19:59 | |
CVE-2015-0218 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests
|
01-12-2020 - 14:54 | 01-06-2015 - 19:59 | |
CVE-2015-0217 | 6.8 |
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matc
|
01-12-2020 - 14:54 | 01-06-2015 - 19:59 | |
CVE-2015-0211 | 4.0 |
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, w
|
01-12-2020 - 14:54 | 01-06-2015 - 19:59 | |
CVE-2015-0212 | 3.5 |
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summa
|
01-12-2020 - 14:54 | 01-06-2015 - 19:59 | |
CVE-2015-0215 | 4.0 |
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.
|
01-12-2020 - 14:54 | 01-06-2015 - 19:59 | |
CVE-2015-0214 | 4.0 |
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search re
|
01-12-2020 - 14:54 | 01-06-2015 - 19:59 | |
CVE-2015-0216 | 3.5 |
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
|
01-12-2020 - 14:52 | 01-06-2015 - 19:59 |