Vulnerabilities
Vulnerable Software
Moodle:  Security Vulnerabilities
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.
CVSS Score
6.8
EPSS Score
0.021
Published
2012-07-16
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.
CVSS Score
4.0
EPSS Score
0.017
Published
2012-07-16
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.
CVSS Score
4.0
EPSS Score
0.017
Published
2012-07-16
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
CVSS Score
4.3
EPSS Score
0.012
Published
2012-07-16
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.
CVSS Score
4.0
EPSS Score
0.019
Published
2012-07-16
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
CVSS Score
4.0
EPSS Score
0.02
Published
2012-07-16
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.
CVSS Score
4.0
EPSS Score
0.017
Published
2012-07-11
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing.
CVSS Score
4.0
EPSS Score
0.019
Published
2012-07-11
Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
CVSS Score
4.3
EPSS Score
0.018
Published
2012-07-11
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
CVSS Score
4.3
EPSS Score
0.012
Published
2012-07-11


Contact Us

Shodan ® - All rights reserved