VulnerableCode Package Details - pkg:composer/moodle/moodle@2.8.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-62yh-cpfr-9bb1	Exposure of Sensitive Information to an Unauthorized Actor lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.	CVE-2015-3180 GHSA-688p-pgj4-77hh
VCID-g4hn-yz26-1beb	Moodle allows attackers to bypass intended login restrictions login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.	CVE-2015-3179 GHSA-4ppg-2mx6-fqx9
VCID-gvan-87dt-b7fp	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.	CVE-2015-3174 GHSA-6r7x-6q98-qcqp
VCID-n9uc-b76m-8fbs	Moodle allows attackers to bypass file-management restrictions files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.	CVE-2015-3181 GHSA-622h-cjgg-5mx6
VCID-s3bw-w61k-eqhy	Exposure of Sensitive Information to an Unauthorized Actor The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.	CVE-2015-3176 GHSA-fqrg-vmvj-jv3x
VCID-uptz-tj66-7yfk	Moodle Arbitrary Redirect Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.	CVE-2015-3175 GHSA-h798-h7ff-93xv
VCID-wavt-rrws-3yhs	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.	CVE-2015-3178 GHSA-9fmw-m4qx-6cq8

Vulnerability

Summary

Aliases

VCID-62yh-cpfr-9bb1

Exposure of Sensitive Information to an Unauthorized Actor lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.

CVE-2015-3180
GHSA-688p-pgj4-77hh

VCID-g4hn-yz26-1beb

Moodle allows attackers to bypass intended login restrictions login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.

CVE-2015-3179
GHSA-4ppg-2mx6-fqx9

VCID-gvan-87dt-b7fp

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.

CVE-2015-3174
GHSA-6r7x-6q98-qcqp

VCID-n9uc-b76m-8fbs

Moodle allows attackers to bypass file-management restrictions files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.

CVE-2015-3181
GHSA-622h-cjgg-5mx6

VCID-s3bw-w61k-eqhy

Exposure of Sensitive Information to an Unauthorized Actor The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

CVE-2015-3176
GHSA-fqrg-vmvj-jv3x

VCID-uptz-tj66-7yfk

Moodle Arbitrary Redirect Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

CVE-2015-3175
GHSA-h798-h7ff-93xv

VCID-wavt-rrws-3yhs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

CVE-2015-3178
GHSA-9fmw-m4qx-6cq8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:43:04.733807+00:00	GitLab Importer	Fixing	VCID-g4hn-yz26-1beb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3179.yml	38.6.0
2026-06-02T04:43:03.752033+00:00	GitLab Importer	Fixing	VCID-62yh-cpfr-9bb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3180.yml	38.6.0
2026-06-02T04:42:54.784152+00:00	GitLab Importer	Fixing	VCID-gvan-87dt-b7fp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3174.yml	38.6.0
2026-06-02T04:42:47.695700+00:00	GitLab Importer	Fixing	VCID-uptz-tj66-7yfk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3175.yml	38.6.0
2026-06-02T04:42:46.719812+00:00	GitLab Importer	Fixing	VCID-wavt-rrws-3yhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3178.yml	38.6.0
2026-06-02T04:42:46.224568+00:00	GitLab Importer	Fixing	VCID-n9uc-b76m-8fbs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3181.yml	38.6.0
2026-06-02T04:42:38.397726+00:00	GitLab Importer	Fixing	VCID-s3bw-w61k-eqhy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3176.yml	38.6.0