VulnerableCode Package Details - pkg:composer/moodle/moodle@2.6.7

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-46jw-xjbu-b3f1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.	CVE-2015-0212 GHSA-jj3j-mhgc-g4m4
VCID-5nfq-4syg-87da	Cross-Site Request Forgery (CSRF) Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.	CVE-2015-0218 GHSA-5jph-mvfm-r27p
VCID-95mq-m2jz-a3ab	Moodle allows attackers to cause a denial of service filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.	CVE-2015-0217 GHSA-p497-37fc-xvvc
VCID-9z66-z9af-17f7	Moodle allows attackers to bypass a messaging-disabled setting message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.	CVE-2015-0214 GHSA-4jm2-c9jr-6prf
VCID-a3pu-x51u-1udr	Exposure of Sensitive Information to an Unauthorized Actor calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.	CVE-2015-0215 GHSA-fr9m-pjmm-qx9f
VCID-aqc8-tmeg-9fdd	Cross-Site Request Forgery (CSRF) Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.	CVE-2015-0213 GHSA-hhq7-jf2p-hw9c
VCID-y2vh-7r7h-9ugu	Exposure of Sensitive Information to an Unauthorized Actor mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.	CVE-2015-0211 GHSA-frhc-9hwc-x7j3

Vulnerability

Summary

Aliases

VCID-46jw-xjbu-b3f1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.

CVE-2015-0212
GHSA-jj3j-mhgc-g4m4

VCID-5nfq-4syg-87da

Cross-Site Request Forgery (CSRF) Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

CVE-2015-0218
GHSA-5jph-mvfm-r27p

VCID-95mq-m2jz-a3ab

Moodle allows attackers to cause a denial of service filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.

CVE-2015-0217
GHSA-p497-37fc-xvvc

VCID-9z66-z9af-17f7

Moodle allows attackers to bypass a messaging-disabled setting message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.

CVE-2015-0214
GHSA-4jm2-c9jr-6prf

VCID-a3pu-x51u-1udr

Exposure of Sensitive Information to an Unauthorized Actor calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.

CVE-2015-0215
GHSA-fr9m-pjmm-qx9f

VCID-aqc8-tmeg-9fdd

Cross-Site Request Forgery (CSRF) Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

CVE-2015-0213
GHSA-hhq7-jf2p-hw9c

VCID-y2vh-7r7h-9ugu

Exposure of Sensitive Information to an Unauthorized Actor mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.

CVE-2015-0211
GHSA-frhc-9hwc-x7j3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:42:50.669367+00:00	GitLab Importer	Fixing	VCID-a3pu-x51u-1udr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0215.yml	38.6.0
2026-06-02T04:42:48.065018+00:00	GitLab Importer	Fixing	VCID-aqc8-tmeg-9fdd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0213.yml	38.6.0
2026-06-02T04:42:47.067586+00:00	GitLab Importer	Fixing	VCID-y2vh-7r7h-9ugu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0211.yml	38.6.0
2026-06-02T04:42:34.682235+00:00	GitLab Importer	Fixing	VCID-9z66-z9af-17f7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0214.yml	38.6.0
2026-06-02T04:42:34.487969+00:00	GitLab Importer	Fixing	VCID-95mq-m2jz-a3ab	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0217.yml	38.6.0
2026-06-02T04:42:33.771543+00:00	GitLab Importer	Fixing	VCID-5nfq-4syg-87da	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0218.yml	38.6.0
2026-06-02T04:42:33.431109+00:00	GitLab Importer	Fixing	VCID-46jw-xjbu-b3f1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-0212.yml	38.6.0