Moodle: Security Vulnerabilities
In Moodle 3.x, XSS can occur via evidence of prior learning.
CVSS Score
6.1
EPSS Score
0.011
Published
2017-03-26
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
CVSS Score
6.1
EPSS Score
0.011
Published
2017-03-26
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
CVSS Score
5.3
EPSS Score
0.012
Published
2017-01-20
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
CVSS Score
5.4
EPSS Score
0.009
Published
2017-01-20
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
CVSS Score
5.4
EPSS Score
0.01
Published
2017-01-20
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
CVSS Score
7.3
EPSS Score
0.01
Published
2017-01-20
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
CVSS Score
5.3
EPSS Score
0.012
Published
2017-01-20
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
CVSS Score
4.3
EPSS Score
0.007
Published
2017-01-20
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
CVSS Score
5.3
EPSS Score
0.012
Published
2017-01-20
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVSS Score
5.3
EPSS Score
0.01
Published
2017-01-20