Search for packages
| purl | pkg:composer/moodle/moodle@1.9.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5brn-syjs-d3dp
Aliases: CVE-2010-1619 GHSA-hhxf-w8hj-43w6 |
Moodle vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities. |
Affected by 0 other vulnerabilities. |
|
VCID-5d4e-5ngu-mfgy
Aliases: CVE-2010-2230 GHSA-3gm8-32vv-q8mp |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input. |
Affected by 0 other vulnerabilities. |
|
VCID-6ed1-up33-77ex
Aliases: CVE-2008-5153 GHSA-x7r4-26m9-hmgq |
Moodle vulnerable to symlink attack `spell-check-logic.cgi` in Moodle 1.9 before 1.9.4, 1.8 before 1.8.8, 1.7 before 1.7.7 and 1.6 before 1.6.9 allows local users to overwrite arbitrary files via a symlink attack on the (1) `/tmp/spell-check-debug.log`, (2) `/tmp/spell-check-before`, or (3) `/tmp/spell-check-after` temporary file. |
Affected by 0 other vulnerabilities. |
|
VCID-9c4r-bgx4-nkgm
Aliases: CVE-2010-1617 GHSA-q53j-c866-h9mw |
Moodle doesn't properly check role user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. |
Affected by 0 other vulnerabilities. |
|
VCID-bav3-bmte-w3gr
Aliases: CVE-2011-4286 GHSA-86v9-gqh9-8268 |
Moodle vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-k46m-rrbx-mkfc
Aliases: CVE-2010-1616 GHSA-966m-m549-2878 |
Moodle is vulnerable to unauthorized new accounts creation Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. |
Affected by 0 other vulnerabilities. |
|
VCID-kr6a-2jmv-t7dh
Aliases: CVE-2011-4283 GHSA-m3xp-4hf3-qfpp |
Moodle allows remote attackers to obtain sensitive information Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mp12-mrm4-rbby
Aliases: CVE-2013-1834 GHSA-prrh-679x-79qh |
Moodle allows remote authenticated users to reassign notes notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. |
Affected by 0 other vulnerabilities. Affected by 235 other vulnerabilities. Affected by 238 other vulnerabilities. |
|
VCID-q4tm-cf8e-dbhs
Aliases: CVE-2010-1618 GHSA-45ch-hxgr-vx8j |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. |
Affected by 0 other vulnerabilities. |
|
VCID-snna-e5qt-gfeh
Aliases: CVE-2010-1615 GHSA-9xp2-5fr9-7mwm |
Moodle vulnerable to SQL injection Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. |
Affected by 0 other vulnerabilities. |
|
VCID-sq2p-cv3p-gka5
Aliases: CVE-2011-4133 GHSA-7cvw-wrj9-q5fp |
Moodle vulnerable to Cross-Site Request Forgery Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. |
Affected by 0 other vulnerabilities. |
|
VCID-x2dc-hrjw-eqfh
Aliases: CVE-2010-1614 GHSA-5fgv-cvr8-xg48 |
Moodle vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||