VulnerableCode Package Details - pkg:composer/moodle/moodle@3.2.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/moodle/moodle@3.2.1

Essentials
History (6)

purl	pkg:composer/moodle/moodle@3.2.1

Next non-vulnerable version	3.2.9
Latest non-vulnerable version	3.11.6
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-2qjr-wjh1-8fh6 Aliases: CVE-2017-2643	Information Exposure In Moodle global search displays user names for unauthenticated users.	3.2.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-dhku-uah4-ykh8 Aliases: CVE-2017-2641	SQL Injection An SQL injection can occur via user preferences.	3.2.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-jn5n-6hg9-tyf7 Aliases: CVE-2017-2644	Cross-site Scripting An XSS can occur via evidence of prior learning.	3.2.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x927-nh46-7fdy Aliases: CVE-2017-2645	Cross-site Scripting In Moodle, an XSS can occur via attachments to evidence of prior learning.	3.2.2 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (2)

Vulnerability	Summary	Aliases
VCID-65y9-9ur2-pugc	Improper Input Validation There is incorrect sanitization of attributes in forums.	CVE-2017-2576
VCID-e2zc-7ujn-wybu	Cross-site Scripting There is XSS in the assignment submission page.	CVE-2017-2578

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:36:49.748703+00:00	GitLab Importer	Affected by	VCID-2qjr-wjh1-8fh6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2643.yml	38.6.0
2026-06-02T04:36:49.700198+00:00	GitLab Importer	Affected by	VCID-x927-nh46-7fdy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2645.yml	38.6.0
2026-06-02T04:36:49.582536+00:00	GitLab Importer	Affected by	VCID-dhku-uah4-ykh8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2641.yml	38.6.0
2026-06-02T04:36:49.502622+00:00	GitLab Importer	Affected by	VCID-jn5n-6hg9-tyf7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2644.yml	38.6.0
2026-06-02T04:36:46.463654+00:00	GitLab Importer	Fixing	VCID-65y9-9ur2-pugc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2576.yml	38.6.0
2026-06-02T04:36:46.260969+00:00	GitLab Importer	Fixing	VCID-e2zc-7ujn-wybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2017-2578.yml	38.6.0