| Max CVSS | 6.8 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2016-2155 | 4.0 |
The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude gra
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2152 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via a
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2190 | 5.0 |
Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2154 | 4.0 |
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2158 | 4.0 |
lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2151 | 4.0 |
user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authen
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2153 | 4.3 |
Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2157 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication o
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2159 | 4.0 |
The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by le
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 | |
| CVE-2016-2156 | 4.0 |
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated
|
01-12-2020 - 14:54 | 22-05-2016 - 20:59 |