Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/moodle/moodle@2.5.0
Typecomposer
Namespacemoodle
Namemoodle
Version2.5.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.5.1
Latest_non_vulnerable_version5.1.2
Affected_by_vulnerabilities
0
url VCID-1ehh-qz6c-ykhp
vulnerability_id VCID-1ehh-qz6c-ykhp
summary 
Moodle allows attackers to obtain username and course information
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3546
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51911
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3546
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/2ca9e09dab3ff374e1026780b23c63751f4ee312
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/2ca9e09dab3ff374e1026780b23c63751f4ee312
5
reference_url https://github.com/moodle/moodle/commit/74556525de9617c593c3e08269d6d541c6576c90
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/74556525de9617c593c3e08269d6d541c6576c90
6
reference_url https://github.com/moodle/moodle/commit/8f7d596058a18c60b795b4677b59cf074c56de39
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/8f7d596058a18c60b795b4677b59cf074c56de39
7
reference_url https://github.com/moodle/moodle/commit/9dbf62d23017a91fcbf63bba7f2eb4835f77b8c9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/9dbf62d23017a91fcbf63bba7f2eb4835f77b8c9
8
reference_url https://github.com/moodle/moodle/commit/dc97145785b9ae192168659c65309bca61a58151
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/dc97145785b9ae192168659c65309bca61a58151
9
reference_url https://moodle.org/mod/forum/discuss.php?d=264267
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264267
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3546
reference_id CVE-2014-3546
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3546
11
reference_url https://github.com/advisories/GHSA-4c5g-w3gf-rf4f
reference_id GHSA-4c5g-w3gf-rf4f
reference_type
scores
url https://github.com/advisories/GHSA-4c5g-w3gf-rf4f
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3546, GHSA-4c5g-w3gf-rf4f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ehh-qz6c-ykhp
1
url VCID-1whm-dsv7-t7gm
vulnerability_id VCID-1whm-dsv7-t7gm
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43690
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43690
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2571
reference_id
reference_type
scores
0
value 0.00209
scoring_system epss
scoring_elements 0.43285
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2571
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/217d839ded7026ed1b1280e1c296bc80a4036023
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/217d839ded7026ed1b1280e1c296bc80a4036023
5
reference_url https://github.com/moodle/moodle/commit/5da73345fdd46cef912b229b2cfae2a26e36efd8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5da73345fdd46cef912b229b2cfae2a26e36efd8
6
reference_url https://github.com/moodle/moodle/commit/7051f3a8828665f4fab37c8db91322fec85a64db
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/7051f3a8828665f4fab37c8db91322fec85a64db
7
reference_url https://github.com/moodle/moodle/commit/fd4b7f57399bed85db0d4066ba12c2633ce87ba3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/fd4b7f57399bed85db0d4066ba12c2633ce87ba3
8
reference_url https://moodle.org/mod/forum/discuss.php?d=256416
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256416
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2571
reference_id CVE-2014-2571
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2571
10
reference_url https://github.com/advisories/GHSA-75c6-xqwr-v2r9
reference_id GHSA-75c6-xqwr-v2r9
reference_type
scores
url https://github.com/advisories/GHSA-75c6-xqwr-v2r9
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-2571, GHSA-75c6-xqwr-v2r9
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1whm-dsv7-t7gm
2
url VCID-4v57-bu85-syhr
vulnerability_id VCID-4v57-bu85-syhr
summary 
Moodle does not properly restrict file access
The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
1
reference_url http://openwall.com/lists/oss-security/2014/05/19/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/05/19/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0216
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51911
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0216
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/40ad22fdd0d9ed569b2ad0ff6ad02814bfa014b8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/40ad22fdd0d9ed569b2ad0ff6ad02814bfa014b8
5
reference_url https://github.com/moodle/moodle/commit/568514ee7f7e994f61e7a44356fe89d0dd18c157
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/568514ee7f7e994f61e7a44356fe89d0dd18c157
6
reference_url https://github.com/moodle/moodle/commit/7b9acc77efe06f7be7070032b05c3159e0a6d415
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/7b9acc77efe06f7be7070032b05c3159e0a6d415
7
reference_url https://github.com/moodle/moodle/commit/b04bf988ef47f8fa65dd08ce936ecb774d5d76bd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/b04bf988ef47f8fa65dd08ce936ecb774d5d76bd
8
reference_url https://moodle.org/mod/forum/discuss.php?d=260364
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=260364
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0216
reference_id CVE-2014-0216
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0216
10
reference_url https://github.com/advisories/GHSA-8rc7-4qfv-4484
reference_id GHSA-8rc7-4qfv-4484
reference_type
scores
url https://github.com/advisories/GHSA-8rc7-4qfv-4484
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.6
purl pkg:composer/moodle/moodle@2.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.6
1
url pkg:composer/moodle/moodle@2.6.3
purl pkg:composer/moodle/moodle@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.3
aliases CVE-2014-0216, GHSA-8rc7-4qfv-4484
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4v57-bu85-syhr
3
url VCID-4xqt-yugc-qufr
vulnerability_id VCID-4xqt-yugc-qufr
summary 
Moodle's time-validation implementation allows bypassing intended restrictions
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0127
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38101
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0127
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/1298acc7075614d8f24befe7e50edbd695498d66
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/1298acc7075614d8f24befe7e50edbd695498d66
5
reference_url https://github.com/moodle/moodle/commit/71037bf26c1e66c628f952b777a9b068775f7b24
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/71037bf26c1e66c628f952b777a9b068775f7b24
6
reference_url https://github.com/moodle/moodle/commit/7b839b0ec1d3d7fdfe7f76066c49829936a2390e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/7b839b0ec1d3d7fdfe7f76066c49829936a2390e
7
reference_url https://github.com/moodle/moodle/commit/aea324963dfee857315d147bf0c17659bb43991e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/aea324963dfee857315d147bf0c17659bb43991e
8
reference_url https://moodle.org/mod/forum/discuss.php?d=256417
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256417
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0127
reference_id CVE-2014-0127
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0127
10
reference_url https://github.com/advisories/GHSA-6p3g-hw27-qh44
reference_id GHSA-6p3g-hw27-qh44
reference_type
scores
url https://github.com/advisories/GHSA-6p3g-hw27-qh44
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-0127, GHSA-6p3g-hw27-qh44
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4xqt-yugc-qufr
4
url VCID-5ru2-1n1f-afa4
vulnerability_id VCID-5ru2-1n1f-afa4
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
references
0
reference_url http://flash.flowplayer.org/documentation/version-history.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://flash.flowplayer.org/documentation/version-history.html
1
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
2
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7341
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49439
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7341
4
reference_url https://github.com/flowplayer/flash/issues/121
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flowplayer/flash/issues/121
5
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
6
reference_url https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9
7
reference_url https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791
8
reference_url https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066
9
reference_url https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a
10
reference_url https://moodle.org/mod/forum/discuss.php?d=256420
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256420
11
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-007
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-007
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7341
reference_id CVE-2013-7341
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7341
13
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml
reference_id CVE-2013-7341.YAML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml
14
reference_url https://github.com/advisories/GHSA-j6c3-3c4w-qv8p
reference_id GHSA-j6c3-3c4w-qv8p
reference_type
scores
url https://github.com/advisories/GHSA-j6c3-3c4w-qv8p
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2013-7341, GHSA-j6c3-3c4w-qv8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ru2-1n1f-afa4
5
url VCID-6v43-drd7-ufd7
vulnerability_id VCID-6v43-drd7-ufd7
summary 
Moodle allows bypass of intended access restrictions
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0122
reference_id
reference_type
scores
0
value 0.00171
scoring_system epss
scoring_elements 0.38101
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0122
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/3d7810ab3d67a423a760ba89ae75de81d940b236
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/3d7810ab3d67a423a760ba89ae75de81d940b236
5
reference_url https://github.com/moodle/moodle/commit/4d4867503c2467cb04660d9cb314d22f56004054
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/4d4867503c2467cb04660d9cb314d22f56004054
6
reference_url https://github.com/moodle/moodle/commit/5c45ea0c6bf2fdf4dddfaef9fc5ff12e6b426a3f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5c45ea0c6bf2fdf4dddfaef9fc5ff12e6b426a3f
7
reference_url https://github.com/moodle/moodle/commit/7748e17207b1a28118d9dc622878da22f956d3fe
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/7748e17207b1a28118d9dc622878da22f956d3fe
8
reference_url https://moodle.org/mod/forum/discuss.php?d=256418
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256418
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0122
reference_id CVE-2014-0122
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0122
10
reference_url https://github.com/advisories/GHSA-f9m9-494r-w36p
reference_id GHSA-f9m9-494r-w36p
reference_type
scores
url https://github.com/advisories/GHSA-f9m9-494r-w36p
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-0122, GHSA-f9m9-494r-w36p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6v43-drd7-ufd7
6
url VCID-7g7m-bu5q-gbcx
vulnerability_id VCID-7g7m-bu5q-gbcx
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332
1
reference_url http://openwall.com/lists/oss-security/2014/05/19/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/05/19/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0218
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49148
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0218
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/5c276a4c324b5137064496d6dd68e71476015fcd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5c276a4c324b5137064496d6dd68e71476015fcd
5
reference_url https://github.com/moodle/moodle/commit/729783c4ba971413198f30784b48e3f2107a8da6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/729783c4ba971413198f30784b48e3f2107a8da6
6
reference_url https://github.com/moodle/moodle/commit/b8a6f7d19d623bcf992d8ecda94324100bc50e9d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/b8a6f7d19d623bcf992d8ecda94324100bc50e9d
7
reference_url https://github.com/moodle/moodle/commit/c5e8a036c509197bb2927f47c0579992be479f35
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c5e8a036c509197bb2927f47c0579992be479f35
8
reference_url https://moodle.org/mod/forum/discuss.php?d=260366
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=260366
9
reference_url https://web.archive.org/web/20141224120458/http://www.securityfocus.com/bid/67479
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20141224120458/http://www.securityfocus.com/bid/67479
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0218
reference_id CVE-2014-0218
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0218
11
reference_url https://github.com/advisories/GHSA-ch68-5r37-p7c3
reference_id GHSA-ch68-5r37-p7c3
reference_type
scores
url https://github.com/advisories/GHSA-ch68-5r37-p7c3
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.6
purl pkg:composer/moodle/moodle@2.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.6
1
url pkg:composer/moodle/moodle@2.6.3
purl pkg:composer/moodle/moodle@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.3
aliases CVE-2014-0218, GHSA-ch68-5r37-p7c3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7g7m-bu5q-gbcx
7
url VCID-88pw-zwqn-cqfd
vulnerability_id VCID-88pw-zwqn-cqfd
summary 
Moodle places a session key in a URL
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0125
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.421
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0125
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/4bc5dd32178cbaa62c466f74bf6d0ebafb697818
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/4bc5dd32178cbaa62c466f74bf6d0ebafb697818
5
reference_url https://github.com/moodle/moodle/commit/a71a6de914bec01df4268d0547c7a52917c4192f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a71a6de914bec01df4268d0547c7a52917c4192f
6
reference_url https://github.com/moodle/moodle/commit/ee8f17db890d7fa1bfc2cfd49ff8d21b41d29331
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ee8f17db890d7fa1bfc2cfd49ff8d21b41d29331
7
reference_url https://github.com/moodle/moodle/commit/f4f0aa27d43527c15070d00bc96be879876ccc38
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/f4f0aa27d43527c15070d00bc96be879876ccc38
8
reference_url https://moodle.org/mod/forum/discuss.php?d=256422
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256422
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0125
reference_id CVE-2014-0125
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0125
10
reference_url https://github.com/advisories/GHSA-j465-7mp6-3xg3
reference_id GHSA-j465-7mp6-3xg3
reference_type
scores
url https://github.com/advisories/GHSA-j465-7mp6-3xg3
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-0125, GHSA-j465-7mp6-3xg3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88pw-zwqn-cqfd
8
url VCID-cvqm-kjhx-q7ej
vulnerability_id VCID-cvqm-kjhx-q7ej
summary 
Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0126
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31397
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0126
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/41a19bffeef0ee6b0560a5ff808fd4bd35075fa1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/41a19bffeef0ee6b0560a5ff808fd4bd35075fa1
5
reference_url https://github.com/moodle/moodle/commit/caf766507771e07c1752ece1f37a32b2b4f6d8b9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/caf766507771e07c1752ece1f37a32b2b4f6d8b9
6
reference_url https://github.com/moodle/moodle/commit/ea8647b39ec9cf1d73e04b05559bd12d97aa5229
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ea8647b39ec9cf1d73e04b05559bd12d97aa5229
7
reference_url https://github.com/moodle/moodle/commit/eee61675f042a9ec89f8f6d219b4ded010198fe4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/eee61675f042a9ec89f8f6d219b4ded010198fe4
8
reference_url https://moodle.org/mod/forum/discuss.php?d=256423
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256423
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0126
reference_id CVE-2014-0126
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0126
10
reference_url https://github.com/advisories/GHSA-4wvg-7886-83gv
reference_id GHSA-4wvg-7886-83gv
reference_type
scores
url https://github.com/advisories/GHSA-4wvg-7886-83gv
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-0126, GHSA-4wvg-7886-83gv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvqm-kjhx-q7ej
9
url VCID-czph-uxwr-5uge
vulnerability_id VCID-czph-uxwr-5uge
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3547
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52191
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3547
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88
5
reference_url https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7
6
reference_url https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987
7
reference_url https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234
8
reference_url https://moodle.org/mod/forum/discuss.php?d=264269
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264269
9
reference_url http://www.securityfocus.com/bid/68758
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/68758
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3547
reference_id CVE-2014-3547
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3547
11
reference_url https://github.com/advisories/GHSA-hwjv-mc78-cccj
reference_id GHSA-hwjv-mc78-cccj
reference_type
scores
url https://github.com/advisories/GHSA-hwjv-mc78-cccj
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3547, GHSA-hwjv-mc78-cccj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czph-uxwr-5uge
10
url VCID-ea5s-xphb-6ub7
vulnerability_id VCID-ea5s-xphb-6ub7
summary 
Exposure of Sensitive Information to an Unauthorized Actor
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3542
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62749
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3542
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/78ed99ec7e5e75b283e844adb058140d6ba0ff14
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/78ed99ec7e5e75b283e844adb058140d6ba0ff14
5
reference_url https://moodle.org/mod/forum/discuss.php?d=264263
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264263
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3542
reference_id CVE-2014-3542
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3542
7
reference_url https://github.com/advisories/GHSA-xmwv-mqh8-4xgw
reference_id GHSA-xmwv-mqh8-4xgw
reference_type
scores
url https://github.com/advisories/GHSA-xmwv-mqh8-4xgw
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3542, GHSA-xmwv-mqh8-4xgw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ea5s-xphb-6ub7
11
url VCID-gdz8-d8j3-nqdh
vulnerability_id VCID-gdz8-d8j3-nqdh
summary 
Moodle allows attackers to obtain sensitive information
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0124
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41837
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0124
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/2978623cda4521773fe2d45e04bee76601de487f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/2978623cda4521773fe2d45e04bee76601de487f
5
reference_url https://github.com/moodle/moodle/commit/ae0ec61180ec71cb5b158633b0a3523a7ca41a82
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ae0ec61180ec71cb5b158633b0a3523a7ca41a82
6
reference_url https://github.com/moodle/moodle/commit/db4e2c4cd47d48ebf06424d942bf603a8fa94d97
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/db4e2c4cd47d48ebf06424d942bf603a8fa94d97
7
reference_url https://github.com/moodle/moodle/commit/dc8f55c30211efd6fac80386e5b3bffef31cca13
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/dc8f55c30211efd6fac80386e5b3bffef31cca13
8
reference_url https://moodle.org/mod/forum/discuss.php?d=256421
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256421
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0124
reference_id CVE-2014-0124
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0124
10
reference_url https://github.com/advisories/GHSA-fc5p-vj3h-x7g4
reference_id GHSA-fc5p-vj3h-x7g4
reference_type
scores
url https://github.com/advisories/GHSA-fc5p-vj3h-x7g4
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-0124, GHSA-fc5p-vj3h-x7g4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdz8-d8j3-nqdh
12
url VCID-h8xn-n98n-qqdv
vulnerability_id VCID-h8xn-n98n-qqdv
summary 
Exposure of Sensitive Information to an Unauthorized Actor
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.
references
0
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3543
reference_id
reference_type
scores
0
value 0.00427
scoring_system epss
scoring_elements 0.62749
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3543
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/595ef4772d330a20c757635ab090acdcc9b2a2fa
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/595ef4772d330a20c757635ab090acdcc9b2a2fa
4
reference_url https://git.moodle.org/gw?p=moodle.git;a=commit;h=595ef4772d330a20c757635ab090acdcc9b2a2fa
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.moodle.org/gw?p=moodle.git;a=commit;h=595ef4772d330a20c757635ab090acdcc9b2a2fa
5
reference_url https://moodle.org/mod/forum/discuss.php?d=264264
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264264
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3543
reference_id CVE-2014-3543
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3543
7
reference_url https://github.com/advisories/GHSA-27j2-c838-c3qg
reference_id GHSA-27j2-c838-c3qg
reference_type
scores
url https://github.com/advisories/GHSA-27j2-c838-c3qg
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3543, GHSA-27j2-c838-c3qg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8xn-n98n-qqdv
13
url VCID-j3t3-svwb-p7bn
vulnerability_id VCID-j3t3-svwb-p7bn
summary 
Cross-Site Request Forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
1
reference_url http://openwall.com/lists/oss-security/2014/05/19/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/05/19/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0213
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31397
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0213
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/0cd720fe512d48c2af81fc054c042c9c63e8a234
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0cd720fe512d48c2af81fc054c042c9c63e8a234
5
reference_url https://github.com/moodle/moodle/commit/436ef91ceb3cedfbf7297cb9e09ef69c0b323d77
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/436ef91ceb3cedfbf7297cb9e09ef69c0b323d77
6
reference_url https://github.com/moodle/moodle/commit/a57eacc114ee8e5423102000c9954f66f03ffeb2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a57eacc114ee8e5423102000c9954f66f03ffeb2
7
reference_url https://github.com/moodle/moodle/commit/f977d376c936ba09872884dc822463e76f6cfeb6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/f977d376c936ba09872884dc822463e76f6cfeb6
8
reference_url https://moodle.org/mod/forum/discuss.php?d=260361
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=260361
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0213
reference_id CVE-2014-0213
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0213
10
reference_url https://github.com/advisories/GHSA-h75f-hjcr-cvh8
reference_id GHSA-h75f-hjcr-cvh8
reference_type
scores
url https://github.com/advisories/GHSA-h75f-hjcr-cvh8
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.6
purl pkg:composer/moodle/moodle@2.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.6
1
url pkg:composer/moodle/moodle@2.6.3
purl pkg:composer/moodle/moodle@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.3
aliases CVE-2014-0213, GHSA-h75f-hjcr-cvh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3t3-svwb-p7bn
14
url VCID-q3wv-9hj6-vbgt
vulnerability_id VCID-q3wv-9hj6-vbgt
summary 
Moodle does not properly restrict access
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0123
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41039
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0123
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/3a7b9b76c2d3c58237bec56b3b537e05c23970ad
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/3a7b9b76c2d3c58237bec56b3b537e05c23970ad
5
reference_url https://github.com/moodle/moodle/commit/d9596365e59ac53787105ff326f7f2bab5b9bada
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/d9596365e59ac53787105ff326f7f2bab5b9bada
6
reference_url https://github.com/moodle/moodle/commit/e6499fb8a4463b1130babb09c42f3d5559276d17
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/e6499fb8a4463b1130babb09c42f3d5559276d17
7
reference_url https://github.com/moodle/moodle/commit/fa0777902633b54ca5566dd8af304ce5587051e5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/fa0777902633b54ca5566dd8af304ce5587051e5
8
reference_url https://moodle.org/mod/forum/discuss.php?d=256419
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256419
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0123
reference_id CVE-2014-0123
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0123
10
reference_url https://github.com/advisories/GHSA-2vhr-4mhq-m35c
reference_id GHSA-2vhr-4mhq-m35c
reference_type
scores
url https://github.com/advisories/GHSA-2vhr-4mhq-m35c
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-0123, GHSA-2vhr-4mhq-m35c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q3wv-9hj6-vbgt
15
url VCID-qpu2-8paz-7ydv
vulnerability_id VCID-qpu2-8paz-7ydv
summary 
Exposure of Sensitive Information to an Unauthorized Actor
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.
references
0
reference_url http://openwall.com/lists/oss-security/2014/05/19/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/05/19/1
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0215
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41837
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0215
2
reference_url https://moodle.org/mod/forum/discuss.php?d=260363
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=260363
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0215
reference_id CVE-2014-0215
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0215
4
reference_url https://github.com/advisories/GHSA-2fmv-j5xj-4fmq
reference_id GHSA-2fmv-j5xj-4fmq
reference_type
scores
url https://github.com/advisories/GHSA-2fmv-j5xj-4fmq
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.6
purl pkg:composer/moodle/moodle@2.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.6
1
url pkg:composer/moodle/moodle@2.7.0
purl pkg:composer/moodle/moodle@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ehh-qz6c-ykhp
1
vulnerability VCID-1rar-m2g3-27ag
2
vulnerability VCID-1z6j-fs6f-eua1
3
vulnerability VCID-29yj-e9bd-queq
4
vulnerability VCID-2dxb-v1af-jbax
5
vulnerability VCID-2y3m-yuaj-vkf2
6
vulnerability VCID-37j1-ym2f-1fbc
7
vulnerability VCID-37pj-u3gh-n7fd
8
vulnerability VCID-3xwm-hqap-8bct
9
vulnerability VCID-46jw-xjbu-b3f1
10
vulnerability VCID-4cx7-eaax-8uhr
11
vulnerability VCID-4kq5-ctsv-eka8
12
vulnerability VCID-5c29-qn3p-3yde
13
vulnerability VCID-5nfq-4syg-87da
14
vulnerability VCID-5rbf-4dz3-2qdz
15
vulnerability VCID-5vx4-qtb2-fqe9
16
vulnerability VCID-62yh-cpfr-9bb1
17
vulnerability VCID-8cc1-hbzm-87bx
18
vulnerability VCID-8q4n-d565-kfbn
19
vulnerability VCID-95mq-m2jz-a3ab
20
vulnerability VCID-9z66-z9af-17f7
21
vulnerability VCID-a3pu-x51u-1udr
22
vulnerability VCID-an53-nu91-k3d7
23
vulnerability VCID-aqc8-tmeg-9fdd
24
vulnerability VCID-b9ej-hx7z-1bb8
25
vulnerability VCID-bfmx-cwap-8yhp
26
vulnerability VCID-czph-uxwr-5uge
27
vulnerability VCID-d3yp-gq4c-vyf8
28
vulnerability VCID-dhku-uah4-ykh8
29
vulnerability VCID-ea5s-xphb-6ub7
30
vulnerability VCID-eaqp-7abt-6kg9
31
vulnerability VCID-emu7-jhv2-zqb8
32
vulnerability VCID-evke-m8nn-6ua3
33
vulnerability VCID-fumj-9pun-zfc5
34
vulnerability VCID-g4hn-yz26-1beb
35
vulnerability VCID-gvan-87dt-b7fp
36
vulnerability VCID-h8xn-n98n-qqdv
37
vulnerability VCID-hbky-xx53-vkct
38
vulnerability VCID-hck4-emsr-q7dc
39
vulnerability VCID-j11s-2mhg-pfdn
40
vulnerability VCID-k6pw-51st-b3d2
41
vulnerability VCID-kgvw-uxf4-wbc1
42
vulnerability VCID-krn6-pwk5-ake2
43
vulnerability VCID-kzwd-2e6n-fkbm
44
vulnerability VCID-n9uc-b76m-8fbs
45
vulnerability VCID-nfdb-m7rg-47ca
46
vulnerability VCID-qxyw-7hnt-hqd6
47
vulnerability VCID-r3f7-9paf-83ht
48
vulnerability VCID-r88h-mteg-yka9
49
vulnerability VCID-rdfn-52p2-afa7
50
vulnerability VCID-rscq-xx52-2ua8
51
vulnerability VCID-s3bw-w61k-eqhy
52
vulnerability VCID-s3ue-e5h8-f3dy
53
vulnerability VCID-s5cy-eva4-wbaf
54
vulnerability VCID-tmwc-f872-mufw
55
vulnerability VCID-ucg8-htfc-2bhn
56
vulnerability VCID-uptz-tj66-7yfk
57
vulnerability VCID-uvgt-7m5a-xkdc
58
vulnerability VCID-v4qm-48kk-pfaz
59
vulnerability VCID-v54t-5thx-1beu
60
vulnerability VCID-v6ha-ekxw-7bfr
61
vulnerability VCID-v7zm-cw8w-6yf8
62
vulnerability VCID-vda3-4fgr-gfbw
63
vulnerability VCID-vs2j-b4qg-nbgu
64
vulnerability VCID-vtq4-fpr8-hudb
65
vulnerability VCID-wavt-rrws-3yhs
66
vulnerability VCID-wawr-t9dc-33fj
67
vulnerability VCID-xmm4-zw49-3feh
68
vulnerability VCID-xnmk-jah2-ufce
69
vulnerability VCID-xy2y-yxfu-xfgm
70
vulnerability VCID-y2vh-7r7h-9ugu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0
aliases CVE-2014-0215, GHSA-2fmv-j5xj-4fmq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpu2-8paz-7ydv
16
url VCID-qxyw-7hnt-hqd6
vulnerability_id VCID-qxyw-7hnt-hqd6
summary 
Improper Control of Generation of Code ('Code Injection')
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3545
reference_id
reference_type
scores
0
value 0.01284
scoring_system epss
scoring_elements 0.79954
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3545
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/blob/1474f74687dda57c7d011b92d16f25b9870d2799/question/type/calculated/question.php#L426
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/blob/1474f74687dda57c7d011b92d16f25b9870d2799/question/type/calculated/question.php#L426
5
reference_url https://github.com/moodle/moodle/commit/155bc7547227dc2047cfc8630cbfe121888b359b
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/155bc7547227dc2047cfc8630cbfe121888b359b
6
reference_url https://github.com/moodle/moodle/commit/29005a5418894b76e62e44bbc2c9e4ddee8f5ce6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/29005a5418894b76e62e44bbc2c9e4ddee8f5ce6
7
reference_url https://github.com/moodle/moodle/commit/44f726a7b1d351b39bb2a6a30c1b30027fabd000
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/44f726a7b1d351b39bb2a6a30c1b30027fabd000
8
reference_url https://github.com/moodle/moodle/commit/539a25ff03fae377758d62caefcc71a2418e9a84
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/539a25ff03fae377758d62caefcc71a2418e9a84
9
reference_url https://github.com/moodle/moodle/commit/5c6c172033e3fb4afce862f8b32b459f5c35ad19
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5c6c172033e3fb4afce862f8b32b459f5c35ad19
10
reference_url https://github.com/moodle/moodle/commit/66de66fe6a8ce8f491562edad0a14f26d4808cb4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/66de66fe6a8ce8f491562edad0a14f26d4808cb4
11
reference_url https://github.com/moodle/moodle/commit/770d3ce42669067eca2bcee22d142ed7fec08550
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/770d3ce42669067eca2bcee22d142ed7fec08550
12
reference_url https://github.com/moodle/moodle/commit/82b3260eab2db58dfa9510645fd2c60ee0ce142e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/82b3260eab2db58dfa9510645fd2c60ee0ce142e
13
reference_url https://github.com/moodle/moodle/commit/88ec9f308da6a4bc7a735458cdf72648357d501d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/88ec9f308da6a4bc7a735458cdf72648357d501d
14
reference_url https://moodle.org/mod/forum/discuss.php?d=264266
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264266
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3545
reference_id CVE-2014-3545
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3545
16
reference_url https://github.com/advisories/GHSA-3m99-h3hp-w9j7
reference_id GHSA-3m99-h3hp-w9j7
reference_type
scores
url https://github.com/advisories/GHSA-3m99-h3hp-w9j7
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3545, GHSA-3m99-h3hp-w9j7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxyw-7hnt-hqd6
17
url VCID-r88h-mteg-yka9
vulnerability_id VCID-r88h-mteg-yka9
summary 
Improper Control of Generation of Code ('Code Injection')
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3541
reference_id
reference_type
scores
0
value 0.01935
scoring_system epss
scoring_elements 0.83734
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3541
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
5
reference_url https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
6
reference_url https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
7
reference_url https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
8
reference_url https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
9
reference_url https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
10
reference_url https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
11
reference_url https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
12
reference_url https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
13
reference_url https://moodle.org/mod/forum/discuss.php?d=264262
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264262
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3541
reference_id CVE-2014-3541
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3541
15
reference_url https://github.com/advisories/GHSA-fccf-p8fx-vjj4
reference_id GHSA-fccf-p8fx-vjj4
reference_type
scores
url https://github.com/advisories/GHSA-fccf-p8fx-vjj4
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3541, GHSA-fccf-p8fx-vjj4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r88h-mteg-yka9
18
url VCID-rdfn-52p2-afa7
vulnerability_id VCID-rdfn-52p2-afa7
summary 
Moodle Temporary Passwords are Brute Force-able
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
1
reference_url http://openwall.com/lists/oss-security/2014/11/17/11
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/11/17/11
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7845
reference_id
reference_type
scores
0
value 0.00712
scoring_system epss
scoring_elements 0.72672
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7845
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/04f2e83ce76cf931e6614497c1a7cc6c8afb9454
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/04f2e83ce76cf931e6614497c1a7cc6c8afb9454
5
reference_url https://github.com/moodle/moodle/commit/3128901f99d41d9368e81ffc67f4bc0535221e02
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/3128901f99d41d9368e81ffc67f4bc0535221e02
6
reference_url https://github.com/moodle/moodle/commit/40a04658232d898223462f84d8cd35510338acbe
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/40a04658232d898223462f84d8cd35510338acbe
7
reference_url https://github.com/moodle/moodle/commit/ece03f3b13c5eefa7bb008401b9414eed620eebc
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ece03f3b13c5eefa7bb008401b9414eed620eebc
8
reference_url https://moodle.org/mod/forum/discuss.php?d=275152
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=275152
9
reference_url https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7845
reference_id CVE-2014-7845
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7845
11
reference_url https://github.com/advisories/GHSA-9v64-447r-wch6
reference_id GHSA-9v64-447r-wch6
reference_type
scores
url https://github.com/advisories/GHSA-9v64-447r-wch6
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.9
purl pkg:composer/moodle/moodle@2.5.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hbky-xx53-vkct
1
vulnerability VCID-uptz-tj66-7yfk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9
1
url pkg:composer/moodle/moodle@2.6.6
purl pkg:composer/moodle/moodle@2.6.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6
2
url pkg:composer/moodle/moodle@2.7.3
purl pkg:composer/moodle/moodle@2.7.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3
aliases CVE-2014-7845, GHSA-9v64-447r-wch6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdfn-52p2-afa7
19
url VCID-s5cy-eva4-wbaf
vulnerability_id VCID-s5cy-eva4-wbaf
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3551
reference_id
reference_type
scores
0
value 0.00251
scoring_system epss
scoring_elements 0.48589
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3551
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb
5
reference_url https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947
6
reference_url https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e
7
reference_url https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f
8
reference_url https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865
9
reference_url https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853
10
reference_url https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654
11
reference_url https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789
12
reference_url https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae
13
reference_url https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14
14
reference_url https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9
15
reference_url https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2
16
reference_url https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512
17
reference_url https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264
18
reference_url https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085
19
reference_url https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e
20
reference_url https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8
21
reference_url https://moodle.org/mod/forum/discuss.php?d=264273
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264273
22
reference_url https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3551
reference_id CVE-2014-3551
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3551
24
reference_url https://github.com/advisories/GHSA-m8f5-9wg8-2c3h
reference_id GHSA-m8f5-9wg8-2c3h
reference_type
scores
url https://github.com/advisories/GHSA-m8f5-9wg8-2c3h
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3551, GHSA-m8f5-9wg8-2c3h
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5cy-eva4-wbaf
20
url VCID-ucg8-htfc-2bhn
vulnerability_id VCID-ucg8-htfc-2bhn
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss
3
reference_url http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
reference_id
reference_type
scores
url http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
4
reference_url http://osvdb.org/show/osvdb/109337
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://osvdb.org/show/osvdb/109337
5
reference_url http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3544
reference_id
reference_type
scores
0
value 0.00818
scoring_system epss
scoring_elements 0.74711
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3544
7
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
8
reference_url https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9
9
reference_url https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9
10
reference_url https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
11
reference_url https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74
12
reference_url https://moodle.org/mod/forum/discuss.php?d=264265
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264265
13
reference_url http://www.exploit-db.com/exploits/34169
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.exploit-db.com/exploits/34169
14
reference_url http://www.securityfocus.com/bid/68756
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/68756
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3544
reference_id CVE-2014-3544
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3544
16
reference_url https://github.com/advisories/GHSA-c9jp-244j-vh78
reference_id GHSA-c9jp-244j-vh78
reference_type
scores
url https://github.com/advisories/GHSA-c9jp-244j-vh78
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3544, GHSA-c9jp-244j-vh78
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ucg8-htfc-2bhn
21
url VCID-vrfy-36yc-muhr
vulnerability_id VCID-vrfy-36yc-muhr
summary 
Moodle allows attackers to modify the visibility of a badge
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140
1
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0129
reference_id
reference_type
scores
0
value 0.00193
scoring_system epss
scoring_elements 0.41039
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0129
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/100ec861820ce763d4f25a9f98649bb1ae17e7a5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/100ec861820ce763d4f25a9f98649bb1ae17e7a5
5
reference_url https://github.com/moodle/moodle/commit/28c8ac2c4a8d831f0efd653fa499a5d2384e6e88
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/28c8ac2c4a8d831f0efd653fa499a5d2384e6e88
6
reference_url https://github.com/moodle/moodle/commit/c5d7d20f40a71e23d951c7272675a19fef170fbe
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c5d7d20f40a71e23d951c7272675a19fef170fbe
7
reference_url https://moodle.org/mod/forum/discuss.php?d=256424
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256424
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0129
reference_id CVE-2014-0129
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0129
9
reference_url https://github.com/advisories/GHSA-5rr5-fxhc-jv64
reference_id GHSA-5rr5-fxhc-jv64
reference_type
scores
url https://github.com/advisories/GHSA-5rr5-fxhc-jv64
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.5
purl pkg:composer/moodle/moodle@2.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.5
1
url pkg:composer/moodle/moodle@2.6.2
purl pkg:composer/moodle/moodle@2.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qpu2-8paz-7ydv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.2
aliases CVE-2014-0129, GHSA-5rr5-fxhc-jv64
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrfy-36yc-muhr
22
url VCID-vs2j-b4qg-nbgu
vulnerability_id VCID-vs2j-b4qg-nbgu
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3548
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.49148
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3548
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a
5
reference_url https://github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288
6
reference_url https://github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe
7
reference_url https://github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e
8
reference_url https://moodle.org/mod/forum/discuss.php?d=264270
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=264270
9
reference_url https://web.archive.org/web/20200228161543/http://www.securityfocus.com/bid/68766
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228161543/http://www.securityfocus.com/bid/68766
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3548
reference_id CVE-2014-3548
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3548
11
reference_url https://github.com/advisories/GHSA-f66h-6mj2-rwj2
reference_id GHSA-f66h-6mj2-rwj2
reference_type
scores
url https://github.com/advisories/GHSA-f66h-6mj2-rwj2
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
1
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
2
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
aliases CVE-2014-3548, GHSA-f66h-6mj2-rwj2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vs2j-b4qg-nbgu
23
url VCID-vwyj-z4gf-8fg5
vulnerability_id VCID-vwyj-z4gf-8fg5
summary 
Improper Authentication
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119
1
reference_url http://openwall.com/lists/oss-security/2014/05/19/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/05/19/1
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0214
reference_id
reference_type
scores
0
value 0.00466
scoring_system epss
scoring_elements 0.64755
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0214
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://github.com/moodle/moodle/commit/14c16a416373f68c36b65f4653c0bd076eb0b290
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/14c16a416373f68c36b65f4653c0bd076eb0b290
5
reference_url https://github.com/moodle/moodle/commit/437240b5aa7719f1b8cce1e0f45ac0708c72cc23
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/437240b5aa7719f1b8cce1e0f45ac0708c72cc23
6
reference_url https://github.com/moodle/moodle/commit/679e323aaab2a968b8e87862e1658814645db525
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/679e323aaab2a968b8e87862e1658814645db525
7
reference_url https://github.com/moodle/moodle/commit/b5b2eab6778bee166e20bc5eec0138d89795ac3d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/b5b2eab6778bee166e20bc5eec0138d89795ac3d
8
reference_url https://moodle.org/mod/forum/discuss.php?d=260362
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=260362
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0214
reference_id CVE-2014-0214
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0214
10
reference_url https://github.com/advisories/GHSA-48rq-vj58-2mh6
reference_id GHSA-48rq-vj58-2mh6
reference_type
scores
url https://github.com/advisories/GHSA-48rq-vj58-2mh6
fixed_packages
0
url pkg:composer/moodle/moodle@2.5.6
purl pkg:composer/moodle/moodle@2.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.6
1
url pkg:composer/moodle/moodle@2.6.3
purl pkg:composer/moodle/moodle@2.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-h8xn-n98n-qqdv
1
vulnerability VCID-qxyw-7hnt-hqd6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.3
aliases CVE-2014-0214, GHSA-48rq-vj58-2mh6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vwyj-z4gf-8fg5
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.0