VulnerableCode Package Details - pkg:composer/moodle/moodle@2.8.7

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-37j1-ym2f-1fbc	Moodle open redirect vulnerability Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.	CVE-2015-3272 GHSA-2hw2-h3mf-c2j9
VCID-emu7-jhv2-zqb8	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.	CVE-2015-3274 GHSA-f7qm-q26p-6rr2
VCID-v6ha-ekxw-7bfr	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.	CVE-2015-3275 GHSA-6922-5v25-p8jg

Vulnerability

Summary

Aliases

VCID-37j1-ym2f-1fbc

Moodle open redirect vulnerability Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.

CVE-2015-3272
GHSA-2hw2-h3mf-c2j9

VCID-emu7-jhv2-zqb8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.

CVE-2015-3274
GHSA-f7qm-q26p-6rr2

VCID-v6ha-ekxw-7bfr

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.

CVE-2015-3275
GHSA-6922-5v25-p8jg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:43:04.186206+00:00	GitLab Importer	Fixing	VCID-v6ha-ekxw-7bfr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3275.yml	38.6.0
2026-06-02T04:43:00.743575+00:00	GitLab Importer	Fixing	VCID-emu7-jhv2-zqb8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3274.yml	38.6.0
2026-06-02T04:42:46.354505+00:00	GitLab Importer	Fixing	VCID-37j1-ym2f-1fbc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3272.yml	38.6.0