Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.5.9

Type composer

Namespace moodle

Name moodle

Version 2.5.9

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.5.17

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-2s6b-tp6p-gue1

vulnerability_id VCID-2s6b-tp6p-gue1

summary

Cross-Site Request Forgery (CSRF)
A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10186

reference_id

reference_type

scores

value	0.00371
scoring_system	epss
scoring_elements	0.59199
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10186

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/ea1ac3c7efbddbdb210ea4c75e7156c7d7ee914b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ea1ac3c7efbddbdb210ea4c75e7156c7d7ee914b

reference_url

https://moodle.org/mod/forum/discuss.php?d=388567#p1566329

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388567#p1566329

reference_url

https://web.archive.org/web/20210125055044/https://www.securityfocus.com/bid/109175

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210125055044/https://www.securityfocus.com/bid/109175

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10186

reference_id

CVE-2019-10186

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10186

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10186, GHSA-wv9c-pfpm-4wc5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6b-tp6p-gue1

url VCID-37pj-u3gh-n7fd

vulnerability_id VCID-37pj-u3gh-n7fd

summary

Insertion of Sensitive Information into Log File
Moodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2190

reference_id

reference_type

scores

value	0.00437
scoring_system	epss
scoring_elements	0.63393
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2190

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/1688564a6eee6000013f6e185f704049283ae375

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/1688564a6eee6000013f6e185f704049283ae375

reference_url

https://github.com/moodle/moodle/commit/190757854d9ce3b3ce3100dc76de54277f3bdd14

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/190757854d9ce3b3ce3100dc76de54277f3bdd14

reference_url

https://github.com/moodle/moodle/commit/314d105c169c67e3ce750f76b21d99983d4a9ff5

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/314d105c169c67e3ce750f76b21d99983d4a9ff5

reference_url

https://github.com/moodle/moodle/commit/4d6f159f681882496e05ddacf2561929d2d23f0e

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/4d6f159f681882496e05ddacf2561929d2d23f0e

reference_url

https://github.com/moodle/moodle/commit/9f91c23536a31ba2dc91b0ba2ae726b1757a20cb

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/9f91c23536a31ba2dc91b0ba2ae726b1757a20cb

reference_url

https://moodle.org/mod/forum/discuss.php?d=330181

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=330181

reference_url

https://web.archive.org/web/20210801130148/http://www.securitytracker.com/id/1035333

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210801130148/http://www.securitytracker.com/id/1035333

reference_url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2190

reference_id

CVE-2016-2190

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2190

fixed_packages

url pkg:composer/moodle/moodle@2.7.0-beta

purl pkg:composer/moodle/moodle@2.7.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0-beta

url pkg:composer/moodle/moodle@2.7.13

purl pkg:composer/moodle/moodle@2.7.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13

url pkg:composer/moodle/moodle@2.8.11

purl pkg:composer/moodle/moodle@2.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11

url pkg:composer/moodle/moodle@2.9.5

purl pkg:composer/moodle/moodle@2.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5

url pkg:composer/moodle/moodle@3.0.3

purl pkg:composer/moodle/moodle@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3

aliases CVE-2016-2190, GHSA-r9pc-g29w-f86j

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37pj-u3gh-n7fd

url VCID-65y9-9ur2-pugc

vulnerability_id VCID-65y9-9ur2-pugc

summary

Improper Input Validation
There is incorrect sanitization of attributes in forums.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2576

reference_id

reference_type

scores

value	0.00289
scoring_system	epss
scoring_elements	0.5258
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2576

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=345912

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=345912

reference_url

http://www.securityfocus.com/bid/95649

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/95649

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2576

reference_id

CVE-2017-2576

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2576

fixed_packages

url pkg:composer/moodle/moodle@2.7.18

purl pkg:composer/moodle/moodle@2.7.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.18

url pkg:composer/moodle/moodle@2.9.0-beta

purl pkg:composer/moodle/moodle@2.9.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0-beta

url pkg:composer/moodle/moodle@3.0.0-beta

purl pkg:composer/moodle/moodle@3.0.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.0-beta

url pkg:composer/moodle/moodle@3.0.8

purl pkg:composer/moodle/moodle@3.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.8

url pkg:composer/moodle/moodle@3.1.4

purl pkg:composer/moodle/moodle@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-q2fa-jymp-c3bb

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x927-nh46-7fdy

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-yp82-zj5g-pbaf

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4

url pkg:composer/moodle/moodle@3.2.1

purl pkg:composer/moodle/moodle@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2qjr-wjh1-8fh6

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-q2fa-jymp-c3bb

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x927-nh46-7fdy

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-yp82-zj5g-pbaf

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1

aliases CVE-2017-2576, GHSA-cjrf-xg77-chpw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc

url VCID-83kb-4mk9-t7ge

vulnerability_id VCID-83kb-4mk9-t7ge

summary

Information Exposure
Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15110

reference_id

reference_type

scores

value	0.00237
scoring_system	epss
scoring_elements	0.46726
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15110

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=361784

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=361784

reference_url

http://www.securityfocus.com/bid/101909

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/101909

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-15110

reference_id

CVE-2017-15110

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-15110

fixed_packages

url pkg:composer/moodle/moodle@3.1.0-beta

purl pkg:composer/moodle/moodle@3.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.0-beta

url pkg:composer/moodle/moodle@3.1.9

purl pkg:composer/moodle/moodle@3.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9

url pkg:composer/moodle/moodle@3.2.6

purl pkg:composer/moodle/moodle@3.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6

url pkg:composer/moodle/moodle@3.3.3

purl pkg:composer/moodle/moodle@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3

aliases CVE-2017-15110, GHSA-rjh8-w8jg-xwq5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge

url VCID-a6pb-47tu-afcg

vulnerability_id VCID-a6pb-47tu-afcg

summary

Information Exposure
Moodle is vulnerable to information exposure of service tokens for users enrolled in the same course.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1692

reference_id

reference_type

scores

value	0.00159
scoring_system	epss
scoring_elements	0.36547
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1692

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1692

reference_id

CVE-2020-1692

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1692

fixed_packages

url pkg:composer/moodle/moodle@3.7.2

purl pkg:composer/moodle/moodle@3.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.2

aliases CVE-2020-1692, GHSA-9328-7pcw-vw69

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6pb-47tu-afcg

url VCID-ajkr-fxa1-mkhk

vulnerability_id VCID-ajkr-fxa1-mkhk

summary

Cross-site Scripting
Moodle is vulnerable to XSS via a calendar event name.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1045

reference_id

reference_type

scores

value	0.00237
scoring_system	epss
scoring_elements	0.46987
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1045

reference_url

https://moodle.org/mod/forum/discuss.php?d=364384

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=364384

reference_url

https://web.archive.org/web/20210124134120/http://www.securityfocus.com/bid/102755

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210124134120/http://www.securityfocus.com/bid/102755

reference_url	http://www.securityfocus.com/bid/102755
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102755

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1045

reference_id

CVE-2018-1045

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1045

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

aliases CVE-2018-1045, GHSA-595j-wpfg-23w4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk

url VCID-an53-nu91-k3d7

vulnerability_id VCID-an53-nu91-k3d7

summary

Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in `auth/db/auth.php` in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2152

reference_id

reference_type

scores

value	0.00223
scoring_system	epss
scoring_elements	0.44992
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2152

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657

reference_url

https://github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055

reference_url

https://github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1

reference_url

https://github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897

reference_url

https://github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349

reference_url

https://github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c

reference_url

https://github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b

reference_url

https://github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20

reference_url

https://github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d

reference_url

https://moodle.org/mod/forum/discuss.php?d=330174

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=330174

reference_url

https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

reference_url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2152

reference_id

CVE-2016-2152

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2152

fixed_packages

url pkg:composer/moodle/moodle@2.7.0-beta

purl pkg:composer/moodle/moodle@2.7.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0-beta

url pkg:composer/moodle/moodle@2.7.13

purl pkg:composer/moodle/moodle@2.7.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13

url pkg:composer/moodle/moodle@2.8.11

purl pkg:composer/moodle/moodle@2.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11

url pkg:composer/moodle/moodle@2.9.5

purl pkg:composer/moodle/moodle@2.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5

url pkg:composer/moodle/moodle@3.0.3

purl pkg:composer/moodle/moodle@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3

aliases CVE-2016-2152, GHSA-6mxm-wpqv-675h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-an53-nu91-k3d7

url VCID-bjnq-q2nd-1khp

vulnerability_id VCID-bjnq-q2nd-1khp

summary

Cross-Site Request Forgery (CSRF)
The login form is not protected by a token to prevent login cross-site request forgery.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16854

reference_id

reference_type

scores

value	0.01178
scoring_system	epss
scoring_elements	0.79076
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16854

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=378731

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=378731

reference_url

http://www.securityfocus.com/bid/106017

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106017

reference_url

http://www.securitytracker.com/id/1042154

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1042154

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-16854

reference_id

CVE-2018-16854

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-16854

fixed_packages

url pkg:composer/moodle/moodle@3.1.0-beta

purl pkg:composer/moodle/moodle@3.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.0-beta

url pkg:composer/moodle/moodle@3.1.15

purl pkg:composer/moodle/moodle@3.1.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.15

url pkg:composer/moodle/moodle@3.3.9

purl pkg:composer/moodle/moodle@3.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.9

url pkg:composer/moodle/moodle@3.4.6

purl pkg:composer/moodle/moodle@3.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.6

url pkg:composer/moodle/moodle@3.5.3

purl pkg:composer/moodle/moodle@3.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-akv3-zfp8-kkc7

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.3

aliases CVE-2018-16854, GHSA-xj5f-qv37-r9jc

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bjnq-q2nd-1khp

url VCID-duna-st9c-mqbk

vulnerability_id VCID-duna-st9c-mqbk

summary

Information Exposure
In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1044

reference_id

reference_type

scores

value	0.00185
scoring_system	epss
scoring_elements	0.3998
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1044

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=364383

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=364383

reference_url

http://www.securityfocus.com/bid/102754

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/102754

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1044

reference_id

CVE-2018-1044

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1044

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1044, GHSA-332g-xh34-5c96

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk

url VCID-eaqp-7abt-6kg9

vulnerability_id VCID-eaqp-7abt-6kg9

summary

Improper Access Control
The `save_submission` function in `mod/assign/externallib.php` in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2159

reference_id

reference_type

scores

value	0.0021
scoring_system	epss
scoring_elements	0.43403
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2159

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a

reference_url

https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261

reference_url

https://github.com/moodle/moodle/commit/711f9468d4e2792afe0f2025ac98c52ee3e4ee71

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/711f9468d4e2792afe0f2025ac98c52ee3e4ee71

reference_url

https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e

reference_url

https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36

reference_url

https://moodle.org/mod/forum/discuss.php?d=330182

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=330182

reference_url

https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

reference_url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2159

reference_id

CVE-2016-2159

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2159

fixed_packages

url pkg:composer/moodle/moodle@2.7.0-beta

purl pkg:composer/moodle/moodle@2.7.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0-beta

url pkg:composer/moodle/moodle@2.7.13

purl pkg:composer/moodle/moodle@2.7.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13

url pkg:composer/moodle/moodle@2.8.11

purl pkg:composer/moodle/moodle@2.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11

url pkg:composer/moodle/moodle@2.9.5

purl pkg:composer/moodle/moodle@2.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5

url pkg:composer/moodle/moodle@3.0.3

purl pkg:composer/moodle/moodle@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3

aliases CVE-2016-2159, GHSA-cw72-69wq-f9f2

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqp-7abt-6kg9

url VCID-eu27-a3px-87ed

vulnerability_id VCID-eu27-a3px-87ed

summary

Improper Access Control
Teachers in an assignment group could modify group overrides for other groups in the same assignment.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10189

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36022
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10189

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=388570

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388570

reference_url

http://www.securityfocus.com/bid/109271

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/109271

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10189

reference_id

CVE-2019-10189

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10189

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10189, GHSA-h7xp-7fjp-ghhc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu27-a3px-87ed

url VCID-fsex-f512-pudv

vulnerability_id VCID-fsex-f512-pudv

summary

Injection Vulnerability
In Moodle, text injection can occur in email headers, potentially leading to outbound spam.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-5013

reference_id

reference_type

scores

value	0.00363
scoring_system	epss
scoring_elements	0.58644
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-5013

reference_url

https://github.com/moodle/moodle/commit/ed63718caa48803843a14140d8a27f04aba9c8c4

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ed63718caa48803843a14140d8a27f04aba9c8c4

reference_url

https://moodle.org/mod/forum/discuss.php?d=336698

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=336698

reference_url

https://web.archive.org/web/20210123154543/http://www.securityfocus.com/bid/92040

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123154543/http://www.securityfocus.com/bid/92040

reference_url	http://www.securityfocus.com/bid/92040
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/92040

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-5013

reference_id

CVE-2016-5013

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-5013

fixed_packages

url pkg:composer/moodle/moodle@2.7.15

purl pkg:composer/moodle/moodle@2.7.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.15

url pkg:composer/moodle/moodle@2.9.0-beta

purl pkg:composer/moodle/moodle@2.9.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0-beta

url pkg:composer/moodle/moodle@2.9.7

purl pkg:composer/moodle/moodle@2.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7

url pkg:composer/moodle/moodle@3.0.5

purl pkg:composer/moodle/moodle@3.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5

url pkg:composer/moodle/moodle@3.1.1

purl pkg:composer/moodle/moodle@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-e2zc-7ujn-wybu

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-q2fa-jymp-c3bb

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x927-nh46-7fdy

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-yp82-zj5g-pbaf

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1

aliases CVE-2016-5013, GHSA-2hh3-jmv8-5fmx

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv

url VCID-hbky-xx53-vkct

vulnerability_id VCID-hbky-xx53-vkct

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144

reference_url

http://openwall.com/lists/oss-security/2015/03/16/1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/03/16/1

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-2269

reference_id

reference_type

scores

value	0.00534
scoring_system	epss
scoring_elements	0.67763
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-2269

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/ead8b28f92da72fb836cf9183aaf6f11a7eb1a21

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ead8b28f92da72fb836cf9183aaf6f11a7eb1a21

reference_url

https://moodle.org/mod/forum/discuss.php?d=307383

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=307383

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-2269

reference_id

CVE-2015-2269

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-2269

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/36418.txt
reference_id	CVE-2015-2269;OSVDB-119617
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/36418.txt

reference_url	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5236.php
reference_id	CVE-2015-2269;OSVDB-119617
reference_type	exploit
scores
url	http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5236.php

reference_url	https://github.com/advisories/GHSA-cp39-43xr-2wrp
reference_id	GHSA-cp39-43xr-2wrp
reference_type
scores
url	https://github.com/advisories/GHSA-cp39-43xr-2wrp

fixed_packages

url pkg:composer/moodle/moodle@2.6.9

purl pkg:composer/moodle/moodle@2.6.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.9

url pkg:composer/moodle/moodle@2.7.6

purl pkg:composer/moodle/moodle@2.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.6

url pkg:composer/moodle/moodle@2.8.4

purl pkg:composer/moodle/moodle@2.8.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4

aliases CVE-2015-2269, GHSA-cp39-43xr-2wrp

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbky-xx53-vkct

url VCID-jcq6-btgz-fkf6

vulnerability_id VCID-jcq6-btgz-fkf6

summary

Cross-site Scripting
It was found in Moodle that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20183

reference_id

reference_type

scores

value	0.00455
scoring_system	epss
scoring_elements	0.64171
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20183

reference_url

https://github.com/moodle/moodle/commit/dc9de7b0d487b73c23c221dc0b8b6e01654921f3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/dc9de7b0d487b73c23c221dc0b8b6e01654921f3

reference_url

https://moodle.org/mod/forum/discuss.php?d=417166

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417166

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20183

reference_id

CVE-2021-20183

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20183

fixed_packages

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

url	pkg:composer/moodle/moodle@4.0.0-beta
purl	pkg:composer/moodle/moodle@4.0.0-beta
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0-beta

aliases CVE-2021-20183, GHSA-xhfx-rm8q-c3xv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcq6-btgz-fkf6

url VCID-k1bh-ymgt-e7cd

vulnerability_id VCID-k1bh-ymgt-e7cd

summary

Unrestricted Upload of File with Dangerous Type
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9187

reference_id

reference_type

scores

value	0.02078
scoring_system	epss
scoring_elements	0.84283
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9187

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html

reference_url

http://www.securityfocus.com/bid/94191

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/94191

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9187

reference_id

CVE-2016-9187

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9187

fixed_packages

url pkg:composer/moodle/moodle@3.1.3

purl pkg:composer/moodle/moodle@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-e2zc-7ujn-wybu

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-q2fa-jymp-c3bb

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x927-nh46-7fdy

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-yp82-zj5g-pbaf

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3

aliases CVE-2016-9187, GHSA-58fm-v4pr-jh8p

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k1bh-ymgt-e7cd

url VCID-k6pw-51st-b3d2

vulnerability_id VCID-k6pw-51st-b3d2

summary

Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the `advanced-search` feature in `mod_data` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-2153

reference_id

reference_type

scores

value	0.00223
scoring_system	epss
scoring_elements	0.44992
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-2153

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/87e60e529939c60ef5b07d70c37426d359b2e8a2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/87e60e529939c60ef5b07d70c37426d359b2e8a2

reference_url

https://github.com/moodle/moodle/commit/8f95eac1634b4d84053cef52a03065e620d6adf2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/8f95eac1634b4d84053cef52a03065e620d6adf2

reference_url

https://github.com/moodle/moodle/commit/a5fae3b0d21cc85a7ea2d2c2af8c7fc9acf2fd92

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a5fae3b0d21cc85a7ea2d2c2af8c7fc9acf2fd92

reference_url

https://github.com/moodle/moodle/commit/de60fc23aeeef5631d5718469124af3257383ead

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/de60fc23aeeef5631d5718469124af3257383ead

reference_url

https://github.com/moodle/moodle/commit/ead2dd9c161fcfde04ee1fa602e9101a47c53503

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ead2dd9c161fcfde04ee1fa602e9101a47c53503

reference_url

https://moodle.org/mod/forum/discuss.php?d=330175

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=330175

reference_url

https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

reference_url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/03/21/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-2153

reference_id

CVE-2016-2153

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-2153

fixed_packages

url pkg:composer/moodle/moodle@2.7.0-beta

purl pkg:composer/moodle/moodle@2.7.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0-beta

url pkg:composer/moodle/moodle@2.7.13

purl pkg:composer/moodle/moodle@2.7.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13

url pkg:composer/moodle/moodle@2.8.11

purl pkg:composer/moodle/moodle@2.8.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11

url pkg:composer/moodle/moodle@2.9.5

purl pkg:composer/moodle/moodle@2.9.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5

url pkg:composer/moodle/moodle@3.0.3

purl pkg:composer/moodle/moodle@3.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3

aliases CVE-2016-2153, GHSA-mj85-3hqq-r6r9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k6pw-51st-b3d2

url VCID-k73h-z6j8-gkgz

vulnerability_id VCID-k73h-z6j8-gkgz

summary

Information Exposure
The `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372

reference_url

http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3810

reference_id

reference_type

scores

value	0.08385
scoring_system	epss
scoring_elements	0.92457
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3810

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=381230#p1536767

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=381230#p1536767

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49814.txt
reference_id	CVE-2019-3810
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/49814.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3810

reference_id

CVE-2019-3810

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3810

fixed_packages

url pkg:composer/moodle/moodle@3.1.0-beta

purl pkg:composer/moodle/moodle@3.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.0-beta

url pkg:composer/moodle/moodle@3.1.15

purl pkg:composer/moodle/moodle@3.1.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.15

url pkg:composer/moodle/moodle@3.1.16

purl pkg:composer/moodle/moodle@3.1.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16

url pkg:composer/moodle/moodle@3.4.6

purl pkg:composer/moodle/moodle@3.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.6

url pkg:composer/moodle/moodle@3.4.7

purl pkg:composer/moodle/moodle@3.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7

url pkg:composer/moodle/moodle@3.5.3

purl pkg:composer/moodle/moodle@3.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-akv3-zfp8-kkc7

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.3

url pkg:composer/moodle/moodle@3.5.4

purl pkg:composer/moodle/moodle@3.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-akv3-zfp8-kkc7

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4

url pkg:composer/moodle/moodle@3.6.1

purl pkg:composer/moodle/moodle@3.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-akv3-zfp8-kkc7

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.1

url pkg:composer/moodle/moodle@3.6.2

purl pkg:composer/moodle/moodle@3.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-akv3-zfp8-kkc7

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2

aliases CVE-2019-3810, GHSA-wm4w-8vc6-2j4h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz

url VCID-m3np-aebb-8qaa

vulnerability_id VCID-m3np-aebb-8qaa

summary

Improper Access Control
A web service fetching messages was not restricted to the current user's conversations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10154

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.4672
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10154

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/2904a7f851da8e66be12f41d55068bf07817fbd6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/2904a7f851da8e66be12f41d55068bf07817fbd6

reference_url

https://github.com/moodle/moodle/commit/a3d19efab4aff83c07db9f0ad34c8f0e1f29c64c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a3d19efab4aff83c07db9f0ad34c8f0e1f29c64c

reference_url

https://moodle.org/mod/forum/discuss.php?d=386521

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=386521

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10154

reference_id

CVE-2019-10154

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10154

fixed_packages

url pkg:composer/moodle/moodle@3.6.4

purl pkg:composer/moodle/moodle@3.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4

aliases CVE-2019-10154, GHSA-ww45-x87c-wgff

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3np-aebb-8qaa

url VCID-m4zv-e3dn-budf

vulnerability_id VCID-m4zv-e3dn-budf

summary

Improper Access Control
Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1081

reference_id

reference_type

scores

value	0.00927
scoring_system	epss
scoring_elements	0.76428
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1081

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392

reference_url

https://moodle.org/mod/forum/discuss.php?d=367938

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=367938

reference_url

http://www.securityfocus.com/bid/103728

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/103728

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1081

reference_id

CVE-2018-1081

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1081

fixed_packages

url pkg:composer/moodle/moodle@3.1.0-beta

purl pkg:composer/moodle/moodle@3.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.0-beta

url pkg:composer/moodle/moodle@3.1.11

purl pkg:composer/moodle/moodle@3.1.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.11

url pkg:composer/moodle/moodle@3.2.8

purl pkg:composer/moodle/moodle@3.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8

url pkg:composer/moodle/moodle@3.3.5

purl pkg:composer/moodle/moodle@3.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5

url pkg:composer/moodle/moodle@3.4.2

purl pkg:composer/moodle/moodle@3.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2

aliases CVE-2018-1081, GHSA-v9xq-vh72-chr4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf

url VCID-mkfz-e1ft-2bcw

vulnerability_id VCID-mkfz-e1ft-2bcw

summary

Code Injection
It was found in Moodle that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20187

reference_id

reference_type

scores

value	0.00679
scoring_system	epss
scoring_elements	0.7197
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20187

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=417171

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417171

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20187

reference_id

CVE-2021-20187

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20187

fixed_packages

url pkg:composer/moodle/moodle@3.5.16

purl pkg:composer/moodle/moodle@3.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.16

url pkg:composer/moodle/moodle@3.8.7

purl pkg:composer/moodle/moodle@3.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7

url pkg:composer/moodle/moodle@3.9.4

purl pkg:composer/moodle/moodle@3.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

aliases CVE-2021-20187, GHSA-2jrm-gww7-wch2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkfz-e1ft-2bcw

url VCID-nntc-dsz1-e3fp

vulnerability_id VCID-nntc-dsz1-e3fp

summary

Cross-site Scripting
It was found in Moodle that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20186

reference_id

reference_type

scores

value	0.0053
scoring_system	epss
scoring_elements	0.67569
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20186

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=417170

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20186

reference_id

CVE-2021-20186

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20186

fixed_packages

url pkg:composer/moodle/moodle@3.5.16

purl pkg:composer/moodle/moodle@3.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.16

url pkg:composer/moodle/moodle@3.8.7

purl pkg:composer/moodle/moodle@3.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7

url pkg:composer/moodle/moodle@3.9.4

purl pkg:composer/moodle/moodle@3.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

aliases CVE-2021-20186, GHSA-h8m4-h385-qhqv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nntc-dsz1-e3fp

url VCID-qhv1-wgpm-7fh6

vulnerability_id VCID-qhv1-wgpm-7fh6

summary

Improper Authorization
Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3849

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59366
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3849

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/427463a52574e4b3bcbe1c65c49066438770641e

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/427463a52574e4b3bcbe1c65c49066438770641e

reference_url

https://github.com/moodle/moodle/commit/430f685834cef190bdf58afabe79e765d596890d

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/430f685834cef190bdf58afabe79e765d596890d

reference_url

https://github.com/moodle/moodle/commit/723d1a747555b795ed53a0fad01da455797bb78f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/723d1a747555b795ed53a0fad01da455797bb78f

reference_url

https://github.com/moodle/moodle/commit/898d5d05a0c3ae6795db0241bf3cb5951213d45c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/898d5d05a0c3ae6795db0241bf3cb5951213d45c

reference_url

https://github.com/moodle/moodle/commit/b77dcd23d8e39265b5c096f0d947764c02d832c8

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/b77dcd23d8e39265b5c096f0d947764c02d832c8

reference_url

https://github.com/moodle/moodle/commit/cd3060d941a051931eb2613b25bafb0108665895

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/cd3060d941a051931eb2613b25bafb0108665895

reference_url

https://github.com/moodle/moodle/commit/fba7dcd90abd45210d782a79c6e25bb3840c7438

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/fba7dcd90abd45210d782a79c6e25bb3840c7438

reference_url

https://moodle.org/mod/forum/discuss.php?d=384012#p1547744

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=384012#p1547744

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3849

reference_id

CVE-2019-3849

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3849

fixed_packages

url pkg:composer/moodle/moodle@3.4.8

purl pkg:composer/moodle/moodle@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8

url pkg:composer/moodle/moodle@3.5.5

purl pkg:composer/moodle/moodle@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5

url pkg:composer/moodle/moodle@3.6.3

purl pkg:composer/moodle/moodle@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3

aliases CVE-2019-3849, GHSA-5wg9-5w3f-hxmh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6

url VCID-r6kn-b963-eqge

vulnerability_id VCID-r6kn-b963-eqge

summary

URL Redirection to Untrusted Site (Open Redirect)
Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3850

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.22031
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3850

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/1fc481dd7b09e08e85824c1fe6733b303a36bdce

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/1fc481dd7b09e08e85824c1fe6733b303a36bdce

reference_url

https://github.com/moodle/moodle/commit/772c908d40a944efd91d897d524b255626d330d4

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/772c908d40a944efd91d897d524b255626d330d4

reference_url

https://github.com/moodle/moodle/commit/907b377e51c32ea37feef53e10684b504e103273

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/907b377e51c32ea37feef53e10684b504e103273

reference_url

https://github.com/moodle/moodle/commit/d3f2f990dd3c5d4e6073a77154c6423d1c304647

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/d3f2f990dd3c5d4e6073a77154c6423d1c304647

reference_url

https://moodle.org/mod/forum/discuss.php?d=384013#p1547745

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=384013#p1547745

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3850

reference_id

CVE-2019-3850

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3850

fixed_packages

url pkg:composer/moodle/moodle@3.1.17

purl pkg:composer/moodle/moodle@3.1.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17

url pkg:composer/moodle/moodle@3.4.8

purl pkg:composer/moodle/moodle@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8

url pkg:composer/moodle/moodle@3.5.5

purl pkg:composer/moodle/moodle@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5

url pkg:composer/moodle/moodle@3.6.3

purl pkg:composer/moodle/moodle@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3

aliases CVE-2019-3850, GHSA-3fj7-9j8m-7r8g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge

url VCID-s6uu-335k-yfbc

vulnerability_id VCID-s6uu-335k-yfbc

summary

Improper Input Validation
Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3847

reference_id

reference_type

scores

value	0.00867
scoring_system	epss
scoring_elements	0.75516
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3847

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/070f24d006eab6b958eb083530de159b43c538ed

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/070f24d006eab6b958eb083530de159b43c538ed

reference_url

https://github.com/moodle/moodle/commit/93dda3bfd3caaaa8d23fe8ede543f27ef774958d

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/93dda3bfd3caaaa8d23fe8ede543f27ef774958d

reference_url

https://github.com/moodle/moodle/commit/a37e26d2efe1ca0e4d8d69c611a748af35b33674

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a37e26d2efe1ca0e4d8d69c611a748af35b33674

reference_url

https://github.com/moodle/moodle/commit/e836242e1c04cd62d0afa4a790074fd245628e7a

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/e836242e1c04cd62d0afa4a790074fd245628e7a

reference_url

https://github.com/moodle/moodle/commit/ec3b63c772d6448765c68268234cf36c1a91bcac

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ec3b63c772d6448765c68268234cf36c1a91bcac

reference_url

https://moodle.org/mod/forum/discuss.php?d=384010#p1547742

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=384010#p1547742

reference_url

https://web.archive.org/web/20200227082922/http://www.securityfocus.com/bid/107489

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227082922/http://www.securityfocus.com/bid/107489

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3847

reference_id

CVE-2019-3847

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3847

fixed_packages

url pkg:composer/moodle/moodle@3.1.17

purl pkg:composer/moodle/moodle@3.1.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17

url pkg:composer/moodle/moodle@3.4.8

purl pkg:composer/moodle/moodle@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8

url pkg:composer/moodle/moodle@3.5.5

purl pkg:composer/moodle/moodle@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5

url pkg:composer/moodle/moodle@3.6.3

purl pkg:composer/moodle/moodle@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3

aliases CVE-2019-3847, GHSA-qrcj-6fjw-3h9h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc

url VCID-uptz-tj66-7yfk

vulnerability_id VCID-uptz-tj66-7yfk

summary

Moodle Arbitrary Redirect
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179

reference_url

http://openwall.com/lists/oss-security/2015/05/18/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2015/05/18/1

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3175

reference_id

reference_type

scores

value	0.004
scoring_system	epss
scoring_elements	0.6105
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3175

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a

reference_url

https://github.com/moodle/moodle/commit/db200a8e9f88c8c4a2141ac264062dca74ee2f29

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/db200a8e9f88c8c4a2141ac264062dca74ee2f29

reference_url

https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8

reference_url

https://moodle.org/mod/forum/discuss.php?d=313682

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=313682

reference_url

https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358

reference_url

https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3175

reference_id

CVE-2015-3175

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3175

reference_url	https://github.com/advisories/GHSA-h798-h7ff-93xv
reference_id	GHSA-h798-h7ff-93xv
reference_type
scores
url	https://github.com/advisories/GHSA-h798-h7ff-93xv

fixed_packages

url pkg:composer/moodle/moodle@2.6.11

purl pkg:composer/moodle/moodle@2.6.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11

url pkg:composer/moodle/moodle@2.7.8

purl pkg:composer/moodle/moodle@2.7.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8

url pkg:composer/moodle/moodle@2.8.6

purl pkg:composer/moodle/moodle@2.8.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6

aliases CVE-2015-3175, GHSA-h798-h7ff-93xv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uptz-tj66-7yfk

url VCID-vb67-yux5-ayhf

vulnerability_id VCID-vb67-yux5-ayhf

summary

Weak Password Recovery Mechanism for Forgotten Password
In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-7038

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47695
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7038

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=339631

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=339631

reference_url

http://www.securityfocus.com/bid/93174

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/93174

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-7038

reference_id

CVE-2016-7038

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-7038

fixed_packages

url pkg:composer/moodle/moodle@2.7.16

purl pkg:composer/moodle/moodle@2.7.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.16

url pkg:composer/moodle/moodle@2.9.0-beta

purl pkg:composer/moodle/moodle@2.9.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0-beta

url pkg:composer/moodle/moodle@2.9.8

purl pkg:composer/moodle/moodle@2.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8

url pkg:composer/moodle/moodle@3.0.6

purl pkg:composer/moodle/moodle@3.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6

url pkg:composer/moodle/moodle@3.1.2

purl pkg:composer/moodle/moodle@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-e2zc-7ujn-wybu

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-q2fa-jymp-c3bb

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x927-nh46-7fdy

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-yp82-zj5g-pbaf

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2

aliases CVE-2016-7038, GHSA-2phx-w35g-x9vm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf

url VCID-vfp6-4h8n-bkax

vulnerability_id VCID-vfp6-4h8n-bkax

summary

Code Injection
Moodle is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy `drag and drop into text` (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14630

reference_id

reference_type

scores

value	0.01859
scoring_system	epss
scoring_elements	0.83401
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14630

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/09cbca8566a388e8f0a1a0cfd86cd0667088ed2c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/09cbca8566a388e8f0a1a0cfd86cd0667088ed2c

reference_url

https://github.com/moodle/moodle/commit/be092b730910ad97fff0511e177a097ec1cc4b1c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/be092b730910ad97fff0511e177a097ec1cc4b1c

reference_url

https://github.com/moodle/moodle/commit/cb8aefa658cf7ad8f002a480343afb2dea94cc08

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/cb8aefa658cf7ad8f002a480343afb2dea94cc08

reference_url

https://github.com/moodle/moodle/commit/cfc4393aa689c277a27b9a040ff7dcbdac4e41dd

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/cfc4393aa689c277a27b9a040ff7dcbdac4e41dd

reference_url

https://github.com/moodle/moodle/commit/da1eeea0ff3d292b7669e478abc114872dd9cc8f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/da1eeea0ff3d292b7669e478abc114872dd9cc8f

reference_url

https://moodle.org/mod/forum/discuss.php?d=376023

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=376023

reference_url

https://seclists.org/fulldisclosure/2018/Sep/28

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/fulldisclosure/2018/Sep/28

reference_url

https://web.archive.org/web/20200227111301/https://www.securityfocus.com/bid/105354

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227111301/https://www.securityfocus.com/bid/105354

reference_url

https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.sec-consult.com/en/blog/advisories/remote-code-execution-php-unserialize-moodle-open-source-learning-platform-cve-2018-14630

reference_url	http://www.securityfocus.com/bid/105354
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/105354

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14630

reference_id

CVE-2018-14630

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14630

fixed_packages

url pkg:composer/moodle/moodle@3.1.0-beta

purl pkg:composer/moodle/moodle@3.1.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.0-beta

url pkg:composer/moodle/moodle@3.1.14

purl pkg:composer/moodle/moodle@3.1.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.14

url pkg:composer/moodle/moodle@3.3.8

purl pkg:composer/moodle/moodle@3.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.8

url pkg:composer/moodle/moodle@3.4.5

purl pkg:composer/moodle/moodle@3.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.5

url pkg:composer/moodle/moodle@3.5.2

purl pkg:composer/moodle/moodle@3.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-akv3-zfp8-kkc7

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.2

aliases CVE-2018-14630, GHSA-c3pr-h96w-2jjg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vfp6-4h8n-bkax

url VCID-w9ca-exua-g7ar

vulnerability_id VCID-w9ca-exua-g7ar

summary

Improper Access Control
Teachers in a quiz group could modify group overrides for other groups in the same quiz.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10188

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36022
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10188

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=388569

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388569

reference_url

http://www.securityfocus.com/bid/109178

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/109178

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10188

reference_id

CVE-2019-10188

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10188

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10188, GHSA-92q5-2h76-vgmj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ca-exua-g7ar

url VCID-x7rg-rsb5-pya7

vulnerability_id VCID-x7rg-rsb5-pya7

summary

Improper Access Control
Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10187

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36022
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10187

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=388568#p1566330

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388568#p1566330

reference_url

http://www.securityfocus.com/bid/109174

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/109174

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10187

reference_id

CVE-2019-10187

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10187

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10187, GHSA-2mg9-hv69-897x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7rg-rsb5-pya7

url VCID-xmm4-zw49-3feh

vulnerability_id VCID-xmm4-zw49-3feh

summary

Information Exposure
The (1) `core_enrol_get_course_enrolment_methods` and (2) `enrol_self_get_instance_info` web services in Moodle do not consider the `moodle/course:viewhiddencourses` capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176502.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176502.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176436.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176436.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0724

reference_id

reference_type

scores

value	0.00578
scoring_system	epss
scoring_elements	0.69204
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0724

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/4323a973d57a41e19e039a850ad71ebcabae73c1

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/4323a973d57a41e19e039a850ad71ebcabae73c1

reference_url

https://moodle.org/mod/forum/discuss.php?d=326205

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=326205

reference_url

https://web.archive.org/web/20210622172957/http://www.securitytracker.com/id/1034694

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210622172957/http://www.securitytracker.com/id/1034694

reference_url

http://www.openwall.com/lists/oss-security/2016/01/18/1

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/01/18/1

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0724

reference_id

CVE-2016-0724

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0724

fixed_packages

url pkg:composer/moodle/moodle@2.7.0-beta

purl pkg:composer/moodle/moodle@2.7.0-beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0-beta

url pkg:composer/moodle/moodle@2.7.12

purl pkg:composer/moodle/moodle@2.7.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.12

url pkg:composer/moodle/moodle@2.8.10

purl pkg:composer/moodle/moodle@2.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10

url pkg:composer/moodle/moodle@2.9.4

purl pkg:composer/moodle/moodle@2.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4

url pkg:composer/moodle/moodle@3.0.2

purl pkg:composer/moodle/moodle@3.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zgzm-wj81-jkah

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2

aliases CVE-2016-0724, GHSA-hjrj-7wcj-7j3c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xmm4-zw49-3feh

url VCID-y8up-cqtu-jkdw

vulnerability_id VCID-y8up-cqtu-jkdw

summary

Cross-site Scripting
Persistent XSS in `/course/modedit.php` of Moodle allows authenticated users (Teacher) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the `introeditor[text]` parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18210

reference_id

reference_type

scores

value	0.0044
scoring_system	epss
scoring_elements	0.63483
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18210

reference_url

https://docs.moodle.org/38/en/Teacher_role

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.moodle.org/38/en/Teacher_role

reference_url

https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18210

reference_id

CVE-2019-18210

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18210

fixed_packages

url pkg:composer/moodle/moodle@3.7.3

purl pkg:composer/moodle/moodle@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3

aliases CVE-2019-18210, GHSA-q6vw-27c6-jv9c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-cqtu-jkdw

url VCID-yghg-775s-vber

vulnerability_id VCID-yghg-775s-vber

summary

Server-Side Request Forgery (SSRF)
Moodle has Server Side Request Forgery in the `filepicker`.

references

reference_url

http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1042

reference_id

reference_type

scores

value	0.12866
scoring_system	epss
scoring_elements	0.94175
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1042

reference_url

https://github.com/moodle/moodle/commit/f1d1a60e0ac8549c08e66062f3cd0110e4a92e24

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/f1d1a60e0ac8549c08e66062f3cd0110e4a92e24

reference_url

https://moodle.org/mod/forum/discuss.php?d=364381

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=364381

reference_url

https://web.archive.org/web/20210124134113/http://www.securityfocus.com/bid/102752

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210124134113/http://www.securityfocus.com/bid/102752

reference_url	http://www.securityfocus.com/bid/102752
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102752

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47177.txt
reference_id	CVE-2018-1042
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47177.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1042

reference_id

CVE-2018-1042

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1042

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mmg3-7fz9-5uak

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-x9vd-njdz-jua9

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1042, GHSA-qqjv-mc2v-p7mc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber

url VCID-zjrq-np3y-hua5

vulnerability_id VCID-zjrq-np3y-hua5

summary

Information Exposure
Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3848

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32374
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3848

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=384011#p1547743

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=384011#p1547743

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3848

reference_id

CVE-2019-3848

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3848

fixed_packages

url pkg:composer/moodle/moodle@3.4.8

purl pkg:composer/moodle/moodle@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8

url pkg:composer/moodle/moodle@3.5.5

purl pkg:composer/moodle/moodle@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5

url pkg:composer/moodle/moodle@3.6.3

purl pkg:composer/moodle/moodle@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3

aliases CVE-2019-3848, GHSA-45rw-4r25-jvg7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5

url VCID-zwkk-zazw-6fgg

vulnerability_id VCID-zwkk-zazw-6fgg

summary

Improper Validation of Integrity Check Value
It was found in Moodle that a insufficient capability checks in some grade related web services meant students were able to view other students grades.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20184

reference_id

reference_type

scores

value	0.00148
scoring_system	epss
scoring_elements	0.34896
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20184

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=417167

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417167

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20184

reference_id

CVE-2021-20184

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20184

fixed_packages

url pkg:composer/moodle/moodle@3.8.7

purl pkg:composer/moodle/moodle@3.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7

url pkg:composer/moodle/moodle@3.9.4

purl pkg:composer/moodle/moodle@3.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

aliases CVE-2021-20184, GHSA-mm73-86f9-5x5c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwkk-zazw-6fgg

Fixing_vulnerabilities

url VCID-1rar-m2g3-27ag

vulnerability_id VCID-1rar-m2g3-27ag

summary

Exposure of Sensitive Information to an Unauthorized Actor
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by accessing the database after an edit by a teacher.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47697

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47697

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7833

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50932
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7833

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/2c639e85a32aaef4a9978e5ca139fb74ca5d6ae4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/2c639e85a32aaef4a9978e5ca139fb74ca5d6ae4

reference_url

https://github.com/moodle/moodle/commit/3e312a16f48dd8e8b230cb71e64295ee54992f80

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/3e312a16f48dd8e8b230cb71e64295ee54992f80

reference_url

https://github.com/moodle/moodle/commit/c4a6c65c1bd8536484a9e53e62d3867081dedd6b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/c4a6c65c1bd8536484a9e53e62d3867081dedd6b

reference_url

https://github.com/moodle/moodle/commit/cc375a22b95b2e0f927a21ffd97c06f2276d8c14

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/cc375a22b95b2e0f927a21ffd97c06f2276d8c14

reference_url

https://moodle.org/mod/forum/discuss.php?d=275155

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275155

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7833

reference_id

CVE-2014-7833

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7833

reference_url	https://github.com/advisories/GHSA-jq7x-gm9r-v8m7
reference_id	GHSA-jq7x-gm9r-v8m7
reference_type
scores
url	https://github.com/advisories/GHSA-jq7x-gm9r-v8m7

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7833, GHSA-jq7x-gm9r-v8m7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rar-m2g3-27ag

url VCID-29yj-e9bd-queq

vulnerability_id VCID-29yj-e9bd-queq

summary

Moodle allows attackers to remove wiki pages
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7837

reference_id

reference_type

scores

value	0.00606
scoring_system	epss
scoring_elements	0.70046
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7837

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/a481e32f02cdabd2b76aaa06d1d513ffe480e71b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a481e32f02cdabd2b76aaa06d1d513ffe480e71b

reference_url

https://github.com/moodle/moodle/commit/a866ad40beb1c1d7faca2da9c3cbad2dcf6fa32b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a866ad40beb1c1d7faca2da9c3cbad2dcf6fa32b

reference_url

https://github.com/moodle/moodle/commit/dc003ed98e47174a2a4c349f187265a383a386c0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/dc003ed98e47174a2a4c349f187265a383a386c0

reference_url

https://github.com/moodle/moodle/commit/e2a8ac6b1103167d6786cb1801703c2c0f8467ca

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/e2a8ac6b1103167d6786cb1801703c2c0f8467ca

reference_url

https://moodle.org/mod/forum/discuss.php?d=275163

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275163

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7837

reference_id

CVE-2014-7837

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7837

reference_url	https://github.com/advisories/GHSA-p3hj-cfhm-7g6v
reference_id	GHSA-p3hj-cfhm-7g6v
reference_type
scores
url	https://github.com/advisories/GHSA-p3hj-cfhm-7g6v

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7837, GHSA-p3hj-cfhm-7g6v

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29yj-e9bd-queq

url VCID-5c29-qn3p-3yde

vulnerability_id VCID-5c29-qn3p-3yde

summary

Moodle does not consider the moodle/tag:edit capability before adding a tag
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7846

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47692
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7846

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/1d9e0857f8bd9f21d25886f77cc13120f9d6be08

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/1d9e0857f8bd9f21d25886f77cc13120f9d6be08

reference_url

https://github.com/moodle/moodle/commit/932694ca59413ce8a0546b8bfb97e07e3b4cf17b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/932694ca59413ce8a0546b8bfb97e07e3b4cf17b

reference_url

https://github.com/moodle/moodle/commit/bb69623c5c0754467f01f916f94446e1caddb6a8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/bb69623c5c0754467f01f916f94446e1caddb6a8

reference_url

https://moodle.org/mod/forum/discuss.php?d=275157

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275157

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7846

reference_id

CVE-2014-7846

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7846

reference_url	https://github.com/advisories/GHSA-468q-9cmp-76wc
reference_id	GHSA-468q-9cmp-76wc
reference_type
scores
url	https://github.com/advisories/GHSA-468q-9cmp-76wc

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7846, GHSA-468q-9cmp-76wc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5c29-qn3p-3yde

url VCID-8q4n-d565-kfbn

vulnerability_id VCID-8q4n-d565-kfbn

summary

Cross-Site Request Forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within (1) mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3) mod/forum/index.php, or (4) mod/forum/lib.php.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48019

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7838

reference_id

reference_type

scores

value	0.00173
scoring_system	epss
scoring_elements	0.3846
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7838

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/545eb1bcfdbfc352bf6c31edf440485ba6d5af42

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/545eb1bcfdbfc352bf6c31edf440485ba6d5af42

reference_url

https://github.com/moodle/moodle/commit/7a311adbba9471edb5a49e4c4b8c356c87f0e44b

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/7a311adbba9471edb5a49e4c4b8c356c87f0e44b

reference_url

https://github.com/moodle/moodle/commit/bef4a5e01739f2b239c0910b9e1aa2841b979f7d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/bef4a5e01739f2b239c0910b9e1aa2841b979f7d

reference_url

https://github.com/moodle/moodle/commit/c812956efda7d10dfdce5ae19c0ec8879de38a31

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/c812956efda7d10dfdce5ae19c0ec8879de38a31

reference_url

https://moodle.org/mod/forum/discuss.php?d=275164

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275164

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7838

reference_id

CVE-2014-7838

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7838

reference_url	https://github.com/advisories/GHSA-43r4-vm25-qm78
reference_id	GHSA-43r4-vm25-qm78
reference_type
scores
url	https://github.com/advisories/GHSA-43r4-vm25-qm78

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7838, GHSA-43r4-vm25-qm78

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8q4n-d565-kfbn

url VCID-bfmx-cwap-8yhp

vulnerability_id VCID-bfmx-cwap-8yhp

summary

Moodle allows attackers to cause a denial of service
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7847

reference_id

reference_type

scores

value	0.00734
scoring_system	epss
scoring_elements	0.73123
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7847

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/324b018bbce2f56198fe8808968bad6c8798710a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/324b018bbce2f56198fe8808968bad6c8798710a

reference_url

https://github.com/moodle/moodle/commit/35a60cbb382d78ddb9d54c772816db4c5007ca7e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/35a60cbb382d78ddb9d54c772816db4c5007ca7e

reference_url

https://github.com/moodle/moodle/commit/6ec47a64acf8576916c20dcbb436b0ae41a63440

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/6ec47a64acf8576916c20dcbb436b0ae41a63440

reference_url

https://github.com/moodle/moodle/commit/eb46bf2f4e80f4421255f6aee00b73448ba582a7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/eb46bf2f4e80f4421255f6aee00b73448ba582a7

reference_url

https://moodle.org/mod/forum/discuss.php?d=275158

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275158

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7847

reference_id

CVE-2014-7847

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7847

reference_url	https://github.com/advisories/GHSA-6vjg-2q57-rgfw
reference_id	GHSA-6vjg-2q57-rgfw
reference_type
scores
url	https://github.com/advisories/GHSA-6vjg-2q57-rgfw

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7847, GHSA-6vjg-2q57-rgfw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bfmx-cwap-8yhp

url VCID-krn6-pwk5-ake2

vulnerability_id VCID-krn6-pwk5-ake2

summary

Improper Input Validation
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9060

reference_id

reference_type

scores

value	0.00388
scoring_system	epss
scoring_elements	0.60228
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9060

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/15bde5352bd4bdb54105c0fdfd956c9ca420e4c6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/15bde5352bd4bdb54105c0fdfd956c9ca420e4c6

reference_url

https://github.com/moodle/moodle/commit/339c6eca3c881742178637cb41cc7ebbe4a3b6b0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/339c6eca3c881742178637cb41cc7ebbe4a3b6b0

reference_url

https://github.com/moodle/moodle/commit/44e712e9b72a30c6bc01112040854e91f5758605

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/44e712e9b72a30c6bc01112040854e91f5758605

reference_url

https://github.com/moodle/moodle/commit/edc89dfecb3f6891cea019baf2aecce51b3de41a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/edc89dfecb3f6891cea019baf2aecce51b3de41a

reference_url

https://moodle.org/mod/forum/discuss.php?d=275165

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275165

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-9060

reference_id

CVE-2014-9060

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-9060

reference_url	https://github.com/advisories/GHSA-c87j-9rrq-h3j8
reference_id	GHSA-c87j-9rrq-h3j8
reference_type
scores
url	https://github.com/advisories/GHSA-c87j-9rrq-h3j8

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-9060, GHSA-c87j-9rrq-h3j8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-krn6-pwk5-ake2

url VCID-kzwd-2e6n-fkbm

vulnerability_id VCID-kzwd-2e6n-fkbm

summary

Cross-Site Request Forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod/lti/request_tool.php or (2) mod/lti/instructor_edit_tool_type.php request.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7836

reference_id

reference_type

scores

value	0.00173
scoring_system	epss
scoring_elements	0.3846
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7836

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/48ea41c48f3dcf28fb40fe0b0a1f0c4c0453d34d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/48ea41c48f3dcf28fb40fe0b0a1f0c4c0453d34d

reference_url

https://github.com/moodle/moodle/commit/75d7e25198eeb6255963e2e46212d89b14e05dd7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/75d7e25198eeb6255963e2e46212d89b14e05dd7

reference_url

https://github.com/moodle/moodle/commit/babaf596e10ee525e58314b36f8063c65b59aa7d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/babaf596e10ee525e58314b36f8063c65b59aa7d

reference_url

https://github.com/moodle/moodle/commit/bac38b11ab95862a831c6e6e60c03caf64eda599

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/bac38b11ab95862a831c6e6e60c03caf64eda599

reference_url

https://moodle.org/mod/forum/discuss.php?d=275162

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275162

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7836

reference_id

CVE-2014-7836

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7836

reference_url	https://github.com/advisories/GHSA-wpq5-q3mj-8f3r
reference_id	GHSA-wpq5-q3mj-8f3r
reference_type
scores
url	https://github.com/advisories/GHSA-wpq5-q3mj-8f3r

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7836, GHSA-wpq5-q3mj-8f3r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzwd-2e6n-fkbm

url VCID-rdfn-52p2-afa7

vulnerability_id VCID-rdfn-52p2-afa7

summary

Moodle Temporary Passwords are Brute Force-able
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7845

reference_id

reference_type

scores

value	0.00712
scoring_system	epss
scoring_elements	0.72672
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7845

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/04f2e83ce76cf931e6614497c1a7cc6c8afb9454

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/04f2e83ce76cf931e6614497c1a7cc6c8afb9454

reference_url

https://github.com/moodle/moodle/commit/3128901f99d41d9368e81ffc67f4bc0535221e02

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/3128901f99d41d9368e81ffc67f4bc0535221e02

reference_url

https://github.com/moodle/moodle/commit/40a04658232d898223462f84d8cd35510338acbe

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/40a04658232d898223462f84d8cd35510338acbe

reference_url

https://github.com/moodle/moodle/commit/ece03f3b13c5eefa7bb008401b9414eed620eebc

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ece03f3b13c5eefa7bb008401b9414eed620eebc

reference_url

https://moodle.org/mod/forum/discuss.php?d=275152

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275152

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7845

reference_id

CVE-2014-7845

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7845

reference_url	https://github.com/advisories/GHSA-9v64-447r-wch6
reference_id	GHSA-9v64-447r-wch6
reference_type
scores
url	https://github.com/advisories/GHSA-9v64-447r-wch6

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7845, GHSA-9v64-447r-wch6

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rdfn-52p2-afa7

url VCID-uvgt-7m5a-xkdc

vulnerability_id VCID-uvgt-7m5a-xkdc

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9059

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55344
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9059

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42

reference_url

https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a

reference_url

https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0

reference_url

https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6

reference_url

https://moodle.org/mod/forum/discuss.php?d=275146

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275146

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133

reference_url

http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-9059

reference_id

CVE-2014-9059

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-9059

reference_url	https://github.com/advisories/GHSA-crcq-pw8h-9xwf
reference_id	GHSA-crcq-pw8h-9xwf
reference_type
scores
url	https://github.com/advisories/GHSA-crcq-pw8h-9xwf

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-9059, GHSA-crcq-pw8h-9xwf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uvgt-7m5a-xkdc

url VCID-vda3-4fgr-gfbw

vulnerability_id VCID-vda3-4fgr-gfbw

summary

Moodle allows attackers to bypass the mod/lti:view capability requirement
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7832

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47692
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7832

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/263f78b8b804fe7dbcd6ffadcadad2c94a0093f7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/263f78b8b804fe7dbcd6ffadcadad2c94a0093f7

reference_url

https://github.com/moodle/moodle/commit/8e34d8e85b971a01459797799c0696cfeaae9cc0

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/8e34d8e85b971a01459797799c0696cfeaae9cc0

reference_url

https://github.com/moodle/moodle/commit/c844af2569e972195db8bca683c1fdf2ddbc3a59

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/c844af2569e972195db8bca683c1fdf2ddbc3a59

reference_url

https://github.com/moodle/moodle/commit/fe8430e0dc2a50ea8e03d709e95d1226631d0d52

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/fe8430e0dc2a50ea8e03d709e95d1226631d0d52

reference_url

https://moodle.org/mod/forum/discuss.php?d=275154

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275154

reference_url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7832

reference_id

CVE-2014-7832

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7832

reference_url	https://github.com/advisories/GHSA-mphj-h2fc-62x3
reference_id	GHSA-mphj-h2fc-62x3
reference_type
scores
url	https://github.com/advisories/GHSA-mphj-h2fc-62x3

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7832, GHSA-mphj-h2fc-62x3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vda3-4fgr-gfbw

url VCID-xnmk-jah2-ufce

vulnerability_id VCID-xnmk-jah2-ufce

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.

references

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865

reference_url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/11/17/11

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7830

reference_id

reference_type

scores

value	0.00208
scoring_system	epss
scoring_elements	0.43123
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7830

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8

reference_url

https://github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e

reference_url

https://github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183

reference_url

https://github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c

reference_url

https://moodle.org/mod/forum/discuss.php?d=275147

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=275147

reference_url

https://web.archive.org/web/20200228175348/http://www.securityfocus.com/bid/71119

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228175348/http://www.securityfocus.com/bid/71119

reference_url

http://www.securitytracker.com/id/1031215

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1031215

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7830

reference_id

CVE-2014-7830

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7830

reference_url	https://github.com/advisories/GHSA-j4mr-vc54-h5pc
reference_id	GHSA-j4mr-vc54-h5pc
reference_type
scores
url	https://github.com/advisories/GHSA-j4mr-vc54-h5pc

fixed_packages

url pkg:composer/moodle/moodle@2.5.9

purl pkg:composer/moodle/moodle@2.5.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

url pkg:composer/moodle/moodle@2.6.6

purl pkg:composer/moodle/moodle@2.6.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.6

url pkg:composer/moodle/moodle@2.7.3

purl pkg:composer/moodle/moodle@2.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qhv1-wgpm-7fh6

vulnerability	VCID-r6kn-b963-eqge

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s6uu-335k-yfbc

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-yghg-775s-vber

vulnerability	VCID-zjrq-np3y-hua5

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.3

aliases CVE-2014-7830, GHSA-j4mr-vc54-h5pc

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xnmk-jah2-ufce

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.9

Package Instance