Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/61518?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/61518?format=api", "purl": "pkg:composer/moodle/moodle@2.0.0", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.0.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.2", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43494?format=api", "vulnerability_id": "VCID-41jn-p8ef-pqbg", "summary": "Moodle allows remote attackers to obtain sensitive information from myprofile block by visiting user-context page\nMoodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170010", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170010" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51911", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4284" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4284", "reference_id": "CVE-2011-4284", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4284" }, { "reference_url": "https://github.com/advisories/GHSA-mw6p-49jf-9935", "reference_id": "GHSA-mw6p-49jf-9935", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mw6p-49jf-9935" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4284", "GHSA-mw6p-49jf-9935" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41jn-p8ef-pqbg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43504?format=api", "vulnerability_id": "VCID-41up-e414-hyba", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43123", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1833" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/75822af579ec07cca1c6781a7c989625dcdd5463", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/75822af579ec07cca1c6781a7c989625dcdd5463" }, { "reference_url": "https://github.com/moodle/moodle/commit/93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce" }, { "reference_url": "https://github.com/moodle/moodle/commit/954b35451112c333c0ae77dff25dafbf41587c26", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/954b35451112c333c0ae77dff25dafbf41587c26" }, { "reference_url": "https://github.com/moodle/moodle/commit/ca2a7956b2957d8495e154409694d205bb4ae3ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ca2a7956b2957d8495e154409694d205bb4ae3ef" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225344", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=225344" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1833", "reference_id": "CVE-2013-1833", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1833" }, { "reference_url": "https://github.com/advisories/GHSA-89f3-74m6-g27g", "reference_id": "GHSA-89f3-74m6-g27g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-89f3-74m6-g27g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62387?format=api", "purl": "pkg:composer/moodle/moodle@2.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsp-tbwq-1qhf" }, { "vulnerability": "VCID-b2tv-8q9g-qqfz" }, { "vulnerability": "VCID-vgxb-fkuj-9fgk" }, { "vulnerability": "VCID-y15n-cf9z-dyc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1833", "GHSA-89f3-74m6-g27g" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41up-e414-hyba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43381?format=api", "vulnerability_id": "VCID-47h1-1tt9-4fat", "summary": "Moodle vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=73de6fa06f6923278950a445bd69b3fbc1e518d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=73de6fa06f6923278950a445bd69b3fbc1e518d2" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=73de6fa06f6923278950a445bd69b3fbc1e518d2", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=73de6fa06f6923278950a445bd69b3fbc1e518d2" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170008", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170008" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53289", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4282" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4282", "reference_id": "CVE-2011-4282", "reference_type": "", "scores": [ { "value": "1.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4282" }, { "reference_url": "https://github.com/advisories/GHSA-6xqg-f34f-5fjx", "reference_id": "GHSA-6xqg-f34f-5fjx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6xqg-f34f-5fjx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4282", "GHSA-6xqg-f34f-5fjx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-47h1-1tt9-4fat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43004?format=api", "vulnerability_id": "VCID-4cdk-8y5v-nba1", "summary": "Insertion of Sensitive Information into Log File\nMoodle before 2.2.2 has users' private files included in course backups", "references": [ { "reference_url": "http://docs.moodle.org/dev/Moodle_2.0.8_release_notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.moodle.org/dev/Moodle_2.0.8_release_notes" }, { "reference_url": "http://docs.moodle.org/dev/Moodle_2.1.5_release_notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.moodle.org/dev/Moodle_2.1.5_release_notes" }, { "reference_url": "http://docs.moodle.org/dev/Moodle_2.2.2_release_notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://docs.moodle.org/dev/Moodle_2.2.2_release_notes" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1156", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01229", "scoring_system": "epss", "scoring_elements": "0.79491", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1156" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570" }, { "reference_url": "https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272" }, { "reference_url": "https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=198623", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=198623" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1156", "reference_id": "CVE-2012-1156", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2012-1156" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1156", "reference_id": "CVE-2012-1156", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1156" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1156", "reference_id": "CVE-2012-1156", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1156" }, { "reference_url": "https://github.com/advisories/GHSA-358r-g2xw-7c83", "reference_id": "GHSA-358r-g2xw-7c83", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-358r-g2xw-7c83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61527?format=api", "purl": "pkg:composer/moodle/moodle@2.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/61524?format=api", "purl": "pkg:composer/moodle/moodle@2.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/61525?format=api", "purl": "pkg:composer/moodle/moodle@2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2" } ], "aliases": [ "CVE-2012-1156", "GHSA-358r-g2xw-7c83" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cdk-8y5v-nba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43736?format=api", "vulnerability_id": "VCID-4hs4-xkzr-ybbf", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=fd29b2ad1c20906da00d7e523f39bc8a0358a65b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=fd29b2ad1c20906da00d7e523f39bc8a0358a65b" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170003", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170003" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4278", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53289", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4278" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/34b93e39a64a68e4a676b93ccf2bd87a1d3b5ef8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/34b93e39a64a68e4a676b93ccf2bd87a1d3b5ef8" }, { "reference_url": "https://github.com/moodle/moodle/commit/fd29b2ad1c20906da00d7e523f39bc8a0358a65b", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/fd29b2ad1c20906da00d7e523f39bc8a0358a65b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4278", "reference_id": "CVE-2011-4278", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4278" }, { "reference_url": "https://github.com/advisories/GHSA-6656-6qwx-4c2m", "reference_id": "GHSA-6656-6qwx-4c2m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6656-6qwx-4c2m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4278", "GHSA-6656-6qwx-4c2m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hs4-xkzr-ybbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43330?format=api", "vulnerability_id": "VCID-6dwh-baur-9ydg", "summary": "Moodle vulnerable to Cross-Site Request Forgery\nMultiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=48346fb11f8ced06a05c0618b02a3a925b34ec59", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=48346fb11f8ced06a05c0618b02a3a925b34ec59" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=48346fb11f8ced06a05c0618b02a3a925b34ec59", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=48346fb11f8ced06a05c0618b02a3a925b34ec59" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=188309", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=188309" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31407", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4298" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" }, { "reference_url": "https://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.moodle.org" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4298", "reference_id": "CVE-2011-4298", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4298" }, { "reference_url": "https://github.com/advisories/GHSA-8hxm-42v5-66hm", "reference_id": "GHSA-8hxm-42v5-66hm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8hxm-42v5-66hm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62077?format=api", "purl": "pkg:composer/moodle/moodle@2.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62078?format=api", "purl": "pkg:composer/moodle/moodle@2.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.2" } ], "aliases": [ "CVE-2011-4298", "GHSA-8hxm-42v5-66hm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dwh-baur-9ydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43686?format=api", "vulnerability_id": "VCID-7pf8-gx8a-fbg1", "summary": "Moodle Incorrect Default Settings\nThe default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5cfe8aecb8b78e343ded38ba9e7a0a859887d21c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=5cfe8aecb8b78e343ded38ba9e7a0a859887d21c" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170011", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170011" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.6357", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4285" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/5dd7e903ff1698dcf2b6bbd821c31720d169fb83", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/5dd7e903ff1698dcf2b6bbd821c31720d169fb83" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4285", "reference_id": "CVE-2011-4285", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4285" }, { "reference_url": "https://github.com/advisories/GHSA-8vjj-wf73-w882", "reference_id": "GHSA-8vjj-wf73-w882", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8vjj-wf73-w882" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4285", "GHSA-8vjj-wf73-w882" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7pf8-gx8a-fbg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43689?format=api", "vulnerability_id": "VCID-7tky-51ah-17bs", "summary": "Moodle allows remote authenticated users to cause a denial of service (invalid database records)\nMoodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=34b5e856b0c98aab3f5317119093628df0834957", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=34b5e856b0c98aab3f5317119093628df0834957" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=34b5e856b0c98aab3f5317119093628df0834957", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=34b5e856b0c98aab3f5317119093628df0834957" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=175593", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=175593" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00455", "scoring_system": "epss", "scoring_elements": "0.64179", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4291" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4291", "reference_id": "CVE-2011-4291", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4291" }, { "reference_url": "https://github.com/advisories/GHSA-m2pf-4pf8-45j2", "reference_id": "GHSA-m2pf-4pf8-45j2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m2pf-4pf8-45j2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62433?format=api", "purl": "pkg:composer/moodle/moodle@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.3" } ], "aliases": [ "CVE-2011-4291", "GHSA-m2pf-4pf8-45j2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7tky-51ah-17bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43442?format=api", "vulnerability_id": "VCID-9ca4-gyeh-qkhc", "summary": "Moodle allows remote attackers to obtain sensitive information\nMoodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=6fde0dac702b3d0954bd1c34d427944e9cd89ae6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=6fde0dac702b3d0954bd1c34d427944e9cd89ae6" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=6fde0dac702b3d0954bd1c34d427944e9cd89ae6" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170009", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170009" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51911", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4283" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4283", "reference_id": "CVE-2011-4283", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4283" }, { "reference_url": "https://github.com/advisories/GHSA-m3xp-4hf3-qfpp", "reference_id": "GHSA-m3xp-4hf3-qfpp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m3xp-4hf3-qfpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4283", "GHSA-m3xp-4hf3-qfpp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ca4-gyeh-qkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43318?format=api", "vulnerability_id": "VCID-9e5m-wfwn-j7a3", "summary": "Moodle does not use the forceloginforprofiles setting for course-profiles access control\nMoodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=81b58cc227cf96a1cd2e002cc210b7b3e376fd17", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=81b58cc227cf96a1cd2e002cc210b7b3e376fd17" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=81b58cc227cf96a1cd2e002cc210b7b3e376fd17", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=81b58cc227cf96a1cd2e002cc210b7b3e376fd17" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170004" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4279", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51911", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4279" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4279", "reference_id": "CVE-2011-4279", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4279" }, { "reference_url": "https://github.com/advisories/GHSA-phqj-xp48-7p7c", "reference_id": "GHSA-phqj-xp48-7p7c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-phqj-xp48-7p7c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4279", "GHSA-phqj-xp48-7p7c" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9e5m-wfwn-j7a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43345?format=api", "vulnerability_id": "VCID-9nee-rvyv-qfba", "summary": "Moodle vulnerable to Cross-Site Scripting\nCross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=a459fd90625ae44d7b3ac10b65da2dc631a418e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=a459fd90625ae44d7b3ac10b65da2dc631a418e7" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=a459fd90625ae44d7b3ac10b65da2dc631a418e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=a459fd90625ae44d7b3ac10b65da2dc631a418e7" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=188310", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=188310" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53289", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4299" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" }, { "reference_url": "https://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.moodle.org" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4299", "reference_id": "CVE-2011-4299", "reference_type": "", "scores": [ { "value": "1.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4299" }, { "reference_url": "https://github.com/advisories/GHSA-h6px-pvfh-q2jv", "reference_id": "GHSA-h6px-pvfh-q2jv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h6px-pvfh-q2jv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62077?format=api", "purl": "pkg:composer/moodle/moodle@2.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62078?format=api", "purl": "pkg:composer/moodle/moodle@2.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.2" } ], "aliases": [ "CVE-2011-4299", "GHSA-h6px-pvfh-q2jv" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nee-rvyv-qfba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43597?format=api", "vulnerability_id": "VCID-a4uv-j23y-8bg1", "summary": "Moodle does not properly restrict comment capabilities\ncomment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9da3c2efadcc5f56cb8adc19c67ed16be35780f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9da3c2efadcc5f56cb8adc19c67ed16be35780f3" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=182740", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=182740" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4297", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00519", "scoring_system": "epss", "scoring_elements": "0.67144", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4297" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4297", "reference_id": "CVE-2011-4297", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4297" }, { "reference_url": "https://github.com/advisories/GHSA-62wv-866c-rh86", "reference_id": "GHSA-62wv-866c-rh86", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-62wv-866c-rh86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62435?format=api", "purl": "pkg:composer/moodle/moodle@2.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62436?format=api", "purl": "pkg:composer/moodle/moodle@2.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.1" } ], "aliases": [ "CVE-2011-4297", "GHSA-62wv-866c-rh86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4uv-j23y-8bg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43489?format=api", "vulnerability_id": "VCID-atb4-adjz-1uef", "summary": "Improper Control of Generation of Code ('Code Injection')\nCRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.", "references": [ { "reference_url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle" }, { "reference_url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65522", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4203" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/581e8dba387f090d89382115fd850d8b44351526", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/581e8dba387f090d89382115fd850d8b44351526" }, { "reference_url": "https://github.com/moodle/moodle/commit/ae7cc577b7115a7ad7a68dc4986aca9e2bda2cf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ae7cc577b7115a7ad7a68dc4986aca9e2bda2cf5" }, { "reference_url": "https://github.com/moodle/moodle/commit/bc577df6a974606fcb0882b090b00ea5a4e10cf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/bc577df6a974606fcb0882b090b00ea5a4e10cf6" }, { "reference_url": "https://github.com/moodle/moodle/commit/e311b14364719b0f7851149ee51c1a4ec732635e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/e311b14364719b0f7851149ee51c1a4ec732635e" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=191754", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=191754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4203", "reference_id": "CVE-2011-4203", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4203" }, { "reference_url": "https://github.com/advisories/GHSA-4w8m-96v9-2c86", "reference_id": "GHSA-4w8m-96v9-2c86", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4w8m-96v9-2c86" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62376?format=api", "purl": "pkg:composer/moodle/moodle@2.0.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/62377?format=api", "purl": "pkg:composer/moodle/moodle@2.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.3" } ], "aliases": [ "CVE-2011-4203", "GHSA-4w8m-96v9-2c86" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atb4-adjz-1uef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43626?format=api", "vulnerability_id": "VCID-dt8h-ktfk-2qec", "summary": "Moodle Allows Modification of Constants\nThe MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=188313", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=188313" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51044", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4301" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/1f52e72526c305989eadc702b5299edb2a50ac3c" }, { "reference_url": "https://github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/2a44c5192c875c4f4b4e813d7227b19d8fda86ba" }, { "reference_url": "https://github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/a6f18c98f43b6fc6b8b7c4e96af41cb4a626e1b8" }, { "reference_url": "https://github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/f1f70bd4dde6cd1ea4bdb8ab28fa3d36a53b89d8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4301", "reference_id": "CVE-2011-4301", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4301" }, { "reference_url": "https://github.com/advisories/GHSA-jcrj-gmr6-p5j8", "reference_id": "GHSA-jcrj-gmr6-p5j8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jcrj-gmr6-p5j8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62077?format=api", "purl": "pkg:composer/moodle/moodle@2.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62078?format=api", "purl": "pkg:composer/moodle/moodle@2.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.2" } ], "aliases": [ "CVE-2011-4301", "GHSA-jcrj-gmr6-p5j8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dt8h-ktfk-2qec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42995?format=api", "vulnerability_id": "VCID-e2hb-w8g1-xbax", "summary": "Incorrect Default Permissions\nMoodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69273", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1157" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=198624", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=198624" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1157", "reference_id": "CVE-2012-1157", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2012-1157" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1157", "reference_id": "CVE-2012-1157", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1157" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1157", "reference_id": "CVE-2012-1157", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1157" }, { "reference_url": "https://github.com/advisories/GHSA-2x36-7xfm-pgm7", "reference_id": "GHSA-2x36-7xfm-pgm7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2x36-7xfm-pgm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61527?format=api", "purl": "pkg:composer/moodle/moodle@2.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/61524?format=api", "purl": "pkg:composer/moodle/moodle@2.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/61525?format=api", "purl": "pkg:composer/moodle/moodle@2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2" } ], "aliases": [ "CVE-2012-1157", "GHSA-2x36-7xfm-pgm7" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2hb-w8g1-xbax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43445?format=api", "vulnerability_id": "VCID-ek29-cpbw-77fh", "summary": "Moodle vulnerable to Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f81bfd412c6b2e93a5b15711727d5cb7cc78336", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f81bfd412c6b2e93a5b15711727d5cb7cc78336" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f81bfd412c6b2e93a5b15711727d5cb7cc78336", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f81bfd412c6b2e93a5b15711727d5cb7cc78336" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170012", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170012" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00296", "scoring_system": "epss", "scoring_elements": "0.53289", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4286", "reference_id": "CVE-2011-4286", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4286" }, { "reference_url": "https://github.com/advisories/GHSA-86v9-gqh9-8268", "reference_id": "GHSA-86v9-gqh9-8268", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-86v9-gqh9-8268" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4286", "GHSA-86v9-gqh9-8268" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ek29-cpbw-77fh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43723?format=api", "vulnerability_id": "VCID-ev8f-4uzk-b3an", "summary": "Moodle does not recogniz configuration setting that makes e-mail addresses visible only to course members\nMoodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=181991e791a13a3c383234718c26c499e31d3df1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=181991e791a13a3c383234718c26c499e31d3df1" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=181991e791a13a3c383234718c26c499e31d3df1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=181991e791a13a3c383234718c26c499e31d3df1" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=175591", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=175591" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41837", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4289" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4289", "reference_id": "CVE-2011-4289", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4289" }, { "reference_url": "https://github.com/advisories/GHSA-3qg4-2fcm-c8f9", "reference_id": "GHSA-3qg4-2fcm-c8f9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3qg4-2fcm-c8f9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62433?format=api", "purl": "pkg:composer/moodle/moodle@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.3" } ], "aliases": [ "CVE-2011-4289", "GHSA-3qg4-2fcm-c8f9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ev8f-4uzk-b3an" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43464?format=api", "vulnerability_id": "VCID-fq4z-5wh4-b3b5", "summary": "Moodle does not force password changes for autosubscribed users\nadmin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=22a77963439e00441949440f0517135b3a5418da", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=22a77963439e00441949440f0517135b3a5418da" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=22a77963439e00441949440f0517135b3a5418da" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=175588", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=175588" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4287", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00485", "scoring_system": "epss", "scoring_elements": "0.65703", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4287" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4287", "reference_id": "CVE-2011-4287", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4287" }, { "reference_url": "https://github.com/advisories/GHSA-j3x5-cwfj-pfcw", "reference_id": "GHSA-j3x5-cwfj-pfcw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j3x5-cwfj-pfcw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4287", "GHSA-j3x5-cwfj-pfcw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fq4z-5wh4-b3b5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43664?format=api", "vulnerability_id": "VCID-fwn7-hez1-ayhj", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nMoodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00301", "scoring_system": "epss", "scoring_elements": "0.53729", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1835" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/31581ae65df05ea64031ac24c8b8f817414f1379", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/31581ae65df05ea64031ac24c8b8f817414f1379" }, { "reference_url": "https://github.com/moodle/moodle/commit/6153c8040dd6ecdf03070ad6b538845c263bf722", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/6153c8040dd6ecdf03070ad6b538845c263bf722" }, { "reference_url": "https://github.com/moodle/moodle/commit/ded4050f1bb050770df3bc8e78dcfadf815011ea", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ded4050f1bb050770df3bc8e78dcfadf815011ea" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225347", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=225347" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1835", "reference_id": "CVE-2013-1835", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1835" }, { "reference_url": "https://github.com/advisories/GHSA-cc94-hwj3-rf65", "reference_id": "GHSA-cc94-hwj3-rf65", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cc94-hwj3-rf65" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1835", "GHSA-cc94-hwj3-rf65" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fwn7-hez1-ayhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42996?format=api", "vulnerability_id": "VCID-jbvt-9yy2-afb4", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nMoodle before 2.2.2: Overview report allows users to see hidden courses", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1159", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00946", "scoring_system": "epss", "scoring_elements": "0.7668", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1159" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=198628", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=198628" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1159", "reference_id": "CVE-2012-1159", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2012-1159" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1159", "reference_id": "CVE-2012-1159", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1159" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1159", "reference_id": "CVE-2012-1159", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1159" }, { "reference_url": "https://github.com/advisories/GHSA-p9hr-f4xj-8w8r", "reference_id": "GHSA-p9hr-f4xj-8w8r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p9hr-f4xj-8w8r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61527?format=api", "purl": "pkg:composer/moodle/moodle@2.0.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/61524?format=api", "purl": "pkg:composer/moodle/moodle@2.1.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/61525?format=api", "purl": "pkg:composer/moodle/moodle@2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2" } ], "aliases": [ "CVE-2012-1159", "GHSA-p9hr-f4xj-8w8r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbvt-9yy2-afb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43728?format=api", "vulnerability_id": "VCID-q6wx-c4w3-skh8", "summary": "Moodle does not properly restrict access to category and course data\nThe file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=f6b07c4da54a9db24723beb147e8a19a3d487e00" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=f6b07c4da54a9db24723beb147e8a19a3d487e00" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=188311", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=188311" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.4959", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4300" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=747444" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/6f7c43c7de8f62cd53a7f3b54ad5325cd109c1be", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/6f7c43c7de8f62cd53a7f3b54ad5325cd109c1be" }, { "reference_url": "https://github.com/moodle/moodle/commit/81c77993e3808bba68fe24d6bfbac19a41679a6f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/81c77993e3808bba68fe24d6bfbac19a41679a6f" }, { "reference_url": "https://github.com/moodle/moodle/commit/f6b07c4da54a9db24723beb147e8a19a3d487e00", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/f6b07c4da54a9db24723beb147e8a19a3d487e00" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4300", "reference_id": "CVE-2011-4300", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4300" }, { "reference_url": "https://github.com/advisories/GHSA-9p54-pc88-36c4", "reference_id": "GHSA-9p54-pc88-36c4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9p54-pc88-36c4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62077?format=api", "purl": "pkg:composer/moodle/moodle@2.0.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62078?format=api", "purl": "pkg:composer/moodle/moodle@2.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.2" } ], "aliases": [ "CVE-2011-4300", "GHSA-9p54-pc88-36c4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6wx-c4w3-skh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43512?format=api", "vulnerability_id": "VCID-qpm1-4xwk-sfb2", "summary": "Improper Input Validation\nThe error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f9f666c902cb30ef6f519353f38c45a29fdf4a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=8f9f666c902cb30ef6f519353f38c45a29fdf4a6" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=182737", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=182737" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60726", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4294" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/18c2fcf8f19e00f0e89421d8fd8b7486a6dc6f79", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/18c2fcf8f19e00f0e89421d8fd8b7486a6dc6f79" }, { "reference_url": "https://github.com/moodle/moodle/commit/417fdfab6bbdcfc3f5b64704ec06912ae9cd1050", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/417fdfab6bbdcfc3f5b64704ec06912ae9cd1050" }, { "reference_url": "https://github.com/moodle/moodle/commit/8f9f666c902cb30ef6f519353f38c45a29fdf4a6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/8f9f666c902cb30ef6f519353f38c45a29fdf4a6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4294", "reference_id": "CVE-2011-4294", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4294" }, { "reference_url": "https://github.com/advisories/GHSA-hxmp-8f47-x9fc", "reference_id": "GHSA-hxmp-8f47-x9fc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hxmp-8f47-x9fc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62435?format=api", "purl": "pkg:composer/moodle/moodle@2.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62436?format=api", "purl": "pkg:composer/moodle/moodle@2.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.1" } ], "aliases": [ "CVE-2011-4294", "GHSA-hxmp-8f47-x9fc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpm1-4xwk-sfb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43568?format=api", "vulnerability_id": "VCID-r7wm-grca-3fgw", "summary": "Moodle does not properly manage privileges for WebDAV repositories\nMoodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00644", "scoring_system": "epss", "scoring_elements": "0.71061", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1836" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/173a201f90941604ae1811a1b79089be4d78707c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/173a201f90941604ae1811a1b79089be4d78707c" }, { "reference_url": "https://github.com/moodle/moodle/commit/67c858414acb6564cd11f27adb9ffc75e9c8ba7f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/67c858414acb6564cd11f27adb9ffc75e9c8ba7f" }, { "reference_url": "https://github.com/moodle/moodle/commit/ac5fc5953426befb1232106ade9e42ff239d9b63", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ac5fc5953426befb1232106ade9e42ff239d9b63" }, { "reference_url": "https://github.com/moodle/moodle/commit/c512e94e7c972c2ef398d49283edbbdc0cfe8ea1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/c512e94e7c972c2ef398d49283edbbdc0cfe8ea1" }, { "reference_url": "https://github.com/moodle/moodle/commit/cb69d2584a0fda3f72cbb6974b155287bc6fcbab", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/cb69d2584a0fda3f72cbb6974b155287bc6fcbab" }, { "reference_url": "https://github.com/moodle/moodle/commit/d5a3a922679f9314ffdc7e4769d78e920e588457", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/d5a3a922679f9314ffdc7e4769d78e920e588457" }, { "reference_url": "https://github.com/moodle/moodle/commit/e1be68f296addf57e80222e8a697931b0870c816", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/e1be68f296addf57e80222e8a697931b0870c816" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225348", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=225348" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1836", "reference_id": "CVE-2013-1836", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1836" }, { "reference_url": "https://github.com/advisories/GHSA-664q-mrxx-2x2v", "reference_id": "GHSA-664q-mrxx-2x2v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-664q-mrxx-2x2v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1836", "GHSA-664q-mrxx-2x2v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r7wm-grca-3fgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43367?format=api", "vulnerability_id": "VCID-scrd-yyjh-gbhw", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=bd654f0ced8af925c27b7c94321f0c299b50b38e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=bd654f0ced8af925c27b7c94321f0c299b50b38e" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170005" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01973", "scoring_system": "epss", "scoring_elements": "0.8387", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4280" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/bd654f0ced8af925c27b7c94321f0c299b50b38e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/bd654f0ced8af925c27b7c94321f0c299b50b38e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4280", "reference_id": "CVE-2011-4280", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4280" }, { "reference_url": "https://github.com/advisories/GHSA-mx5g-3vxh-rgm8", "reference_id": "GHSA-mx5g-3vxh-rgm8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mx5g-3vxh-rgm8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4280", "GHSA-mx5g-3vxh-rgm8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scrd-yyjh-gbhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43589?format=api", "vulnerability_id": "VCID-ubt2-hvzj-1kbh", "summary": "Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory\nThe theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e1c2a211f259821910be2cba23679d4176fb00a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=e1c2a211f259821910be2cba23679d4176fb00a3" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=182736", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=182736" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41211", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4293" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/05f4555422278190ec24a88466ac43c914a7e5d6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/05f4555422278190ec24a88466ac43c914a7e5d6" }, { "reference_url": "https://github.com/moodle/moodle/commit/9a380fbb53429713b3c422a3146456dc97205329", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/9a380fbb53429713b3c422a3146456dc97205329" }, { "reference_url": "https://github.com/moodle/moodle/commit/e1c2a211f259821910be2cba23679d4176fb00a3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/e1c2a211f259821910be2cba23679d4176fb00a3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4293", "reference_id": "CVE-2011-4293", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4293" }, { "reference_url": "https://github.com/advisories/GHSA-wxvp-8q8h-r6rr", "reference_id": "GHSA-wxvp-8q8h-r6rr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wxvp-8q8h-r6rr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62435?format=api", "purl": "pkg:composer/moodle/moodle@2.0.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62436?format=api", "purl": "pkg:composer/moodle/moodle@2.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.1" } ], "aliases": [ "CVE-2011-4293", "GHSA-wxvp-8q8h-r6rr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubt2-hvzj-1kbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43499?format=api", "vulnerability_id": "VCID-vgxb-fkuj-9fgk", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nrepository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00232", "scoring_system": "epss", "scoring_elements": "0.46059", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1832" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727" }, { "reference_url": "https://github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8" }, { "reference_url": "https://github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32" }, { "reference_url": "https://github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225343", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=225343" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1832", "reference_id": "CVE-2013-1832", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1832" }, { "reference_url": "https://github.com/advisories/GHSA-pgp5-rcwp-qvfg", "reference_id": "GHSA-pgp5-rcwp-qvfg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pgp5-rcwp-qvfg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1832", "GHSA-pgp5-rcwp-qvfg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgxb-fkuj-9fgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43454?format=api", "vulnerability_id": "VCID-yyug-rt71-yfds", "summary": "Moodle Users Can Bypass Deleted Status\nThe webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=194016", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=194016" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34318", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0797" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=783532", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783532" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea" }, { "reference_url": "https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7" }, { "reference_url": "https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff" }, { "reference_url": "https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0797", "reference_id": "CVE-2012-0797", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0797" }, { "reference_url": "https://github.com/advisories/GHSA-72gv-qqrp-h9qg", "reference_id": "GHSA-72gv-qqrp-h9qg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-72gv-qqrp-h9qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61519?format=api", "purl": "pkg:composer/moodle/moodle@2.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4cdk-8y5v-nba1" }, { "vulnerability": "VCID-e2hb-w8g1-xbax" }, { "vulnerability": "VCID-jbvt-9yy2-afb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/61521?format=api", "purl": "pkg:composer/moodle/moodle@2.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4cdk-8y5v-nba1" }, { "vulnerability": "VCID-e2hb-w8g1-xbax" }, { "vulnerability": "VCID-jbvt-9yy2-afb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/61523?format=api", "purl": "pkg:composer/moodle/moodle@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4cdk-8y5v-nba1" }, { "vulnerability": "VCID-e2hb-w8g1-xbax" }, { "vulnerability": "VCID-jbvt-9yy2-afb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.1" } ], "aliases": [ "CVE-2012-0797", "GHSA-72gv-qqrp-h9qg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyug-rt71-yfds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43511?format=api", "vulnerability_id": "VCID-zhfc-drsr-27ae", "summary": "Moodle allows remote authenticated users to cause a denial of service (invalid database records)\nMoodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=acb4688d29a7cc028803ee3d81edc7f1b6515c64", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=acb4688d29a7cc028803ee3d81edc7f1b6515c64" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=acb4688d29a7cc028803ee3d81edc7f1b6515c64", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=acb4688d29a7cc028803ee3d81edc7f1b6515c64" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=175594", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=175594" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4292", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00565", "scoring_system": "epss", "scoring_elements": "0.68788", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4292" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4292", "reference_id": "CVE-2011-4292", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4292" }, { "reference_url": "https://github.com/advisories/GHSA-fhgh-fjh9-vq62", "reference_id": "GHSA-fhgh-fjh9-vq62", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fhgh-fjh9-vq62" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62433?format=api", "purl": "pkg:composer/moodle/moodle@2.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.3" } ], "aliases": [ "CVE-2011-4292", "GHSA-fhgh-fjh9-vq62" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhfc-drsr-27ae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43421?format=api", "vulnerability_id": "VCID-zvsh-te3w-qyec", "summary": "Moodle vulnerable to Cross-Site Request Forgery\nMultiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.", "references": [ { "reference_url": "http://git.moodle.org", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9cedb80c5d6318aa17cd66912d37e6ef3dca9455", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9cedb80c5d6318aa17cd66912d37e6ef3dca9455" }, { "reference_url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9cedb80c5d6318aa17cd66912d37e6ef3dca9455", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9cedb80c5d6318aa17cd66912d37e6ef3dca9455" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=170006", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://moodle.org/mod/forum/discuss.php?d=170006" }, { "reference_url": "http://openwall.com/lists/oss-security/2011/11/14/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openwall.com/lists/oss-security/2011/11/14/1" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31407", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4281" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4281", "reference_id": "CVE-2011-4281", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4281" }, { "reference_url": "https://github.com/advisories/GHSA-m97f-x4mr-4x3q", "reference_id": "GHSA-m97f-x4mr-4x3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m97f-x4mr-4x3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62050?format=api", "purl": "pkg:composer/moodle/moodle@2.0.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.2" } ], "aliases": [ "CVE-2011-4281", "GHSA-m97f-x4mr-4x3q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvsh-te3w-qyec" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.0" }