{"url":"http://public2.vulnerablecode.io/api/packages/52550?format=json","purl":"pkg:composer/moodle/moodle@2.8.0","type":"composer","namespace":"moodle","name":"moodle","version":"2.8.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.8.2","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43619?format=json","vulnerability_id":"VCID-1z6j-fs6f-eua1","summary":"Moodle allows attackers to obtain manager privileges\nThe enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744"},{"reference_url":"https://github.com/moodle/moodle/commit/936facab28d8d8bd03f38da42cb80fafba1a06db","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/936facab28d8d8bd03f38da42cb80fafba1a06db"},{"reference_url":"https://github.com/moodle/moodle/commit/ab006d43e48add8e5495141d4d750c1531772ca2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ab006d43e48add8e5495141d4d750c1531772ca2"},{"reference_url":"https://github.com/moodle/moodle/commit/dff6cdc88355f22ebaaf8f00c44a1ad51d272344","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/dff6cdc88355f22ebaaf8f00c44a1ad51d272344"},{"reference_url":"https://github.com/moodle/moodle/commit/f7fbc80766b72ed1c9915698edd443ee8f6eafbd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/mood
le/commit/f7fbc80766b72ed1c9915698edd443ee8f6eafbd"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=320290","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=320290"},{"reference_url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/09/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5266","reference_id":"CVE-2015-5266","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5266"},{"reference_url":"https://github.com/advisories/GHSA-454r-4cjv-vc9h","reference_id":"GHSA-454r-4cjv-vc9h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-454r-4cjv-vc9h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62294?format=json","purl":"pkg:composer/moodle/moodle@2.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:composer/moodle/moodle@2.9.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2"}],"aliases":["CVE-2015-5266","GHSA-454r-4cjv-vc9h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1z6j-fs6f-eua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43347?format=json","vulnerability_id":"VCID-2y3m-yuaj-vkf2","summary":"Improper Neutralization of Input During Web Page Generation 
('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364"},{"reference_url":"http://openwall.com/lists/oss-security/2015/03/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/03/16/1"},{"reference_url":"https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e"},{"reference_url":"https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7"},{"reference_url":"https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f"},{"reference_url":"https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307387","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307387"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2273","reference_id":"CVE-2
015-2273","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2273"},{"reference_url":"https://github.com/advisories/GHSA-w77v-xpxr-c6pv","reference_id":"GHSA-w77v-xpxr-c6pv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w77v-xpxr-c6pv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2273","GHSA-w77v-xpxr-c6pv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2y3m-yuaj-vkf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43529?format=json","vulnerability_id":"VCID-37j1-ym2f-1fbc","summary":"Moodle open redirect vulnerability\nOpen redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local 
URL.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688"},{"reference_url":"http://openwall.com/lists/oss-security/2015/07/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/07/13/2"},{"reference_url":"https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2"},{"reference_url":"https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5"},{"reference_url":"https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f"},{"reference_url":"https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=316662","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=316662"},{"reference_url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3272","reference_id":"CVE-2015-3272","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3272
"},{"reference_url":"https://github.com/advisories/GHSA-2hw2-h3mf-c2j9","reference_id":"GHSA-2hw2-h3mf-c2j9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2hw2-h3mf-c2j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62468?format=json","purl":"pkg:composer/moodle/moodle@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62469?format=json","purl":"pkg:composer/moodle/moodle@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1"}],"aliases":["CVE-2015-3272","GHSA-2hw2-h3mf-c2j9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37j1-ym2f-1fbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38122?format=json","vulnerability_id":"VCID-37pj-u3gh-n7fd","summary":"Insertion of Sensitive Information into Log File\nMoodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer 
log.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330181","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330181"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2190","reference_id":"CVE-2016-2190","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37pj-u3gh-n7fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38035?format=json","vulnerability_id":"VCID-3kq3-v2u1-fyhz","summary":"Cross-site 
Scripting\nCross-site scripting (XSS) vulnerability in the `search_pagination` function in `course/classes/management_renderer.php` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted search string.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=326206","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=326206"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0725","reference_id":"CVE-2016-0725","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52556?format=json","purl":"pkg:composer/moodle/moodle@2.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52557?format=json","purl":"pkg:composer/moodle/moodle@2.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52558?format=json","purl":"pkg:composer/moodle/moodle@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"}],"aliases":["CVE-2016-0725"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_
url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kq3-v2u1-fyhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43373?format=json","vulnerability_id":"VCID-46jw-xjbu-b3f1","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/38ca8793b6faa6c35176537c8015cc4e76ce73f5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/38ca8793b6faa6c35176537c8015cc4e76ce73f5"},{"reference_url":"https://github.com/moodle/moodle/commit/7a15c996ebd90c776bae1a77573b95e8a43467b6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7a15c996ebd90c776bae1a77573b95e8a43467b6"},{"reference_url":"https://github.com/moodle/moodle/commit/82356399b97be933c4d72f9c55b797e49b8c8232","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/82356399b97be933c4d72f9c55b797e49b8c8232"},{"reference_url":"https://github.com/moodle/moodle/commit/b270bb0d75d2354b7fbf4b8ccf0b995037973684","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b270bb0d75d2354b7fbf4b8ccf0b995037973684"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278
612","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278612"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0212","reference_id":"CVE-2015-0212","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0212"},{"reference_url":"https://github.com/advisories/GHSA-jj3j-mhgc-g4m4","reference_id":"GHSA-jj3j-mhgc-g4m4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jj3j-mhgc-g4m4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0212","GHSA-jj3j-mhgc-g4m4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46jw-xjbu-b3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43369?format=json","vulnerability_id":"VCID-4cx7-eaax-8uhr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMoodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf 
file.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085"},{"reference_url":"https://github.com/moodle/moodle/commit/c73f6d03e5037729097bb9f5f5a55be15f3cab18","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c73f6d03e5037729097bb9f5f5a55be15f3cab18"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=323232","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323232"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5337","reference_id":"CVE-2015-5337","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5337"},{"reference_url":"https://github.com/advisories/GHSA-2hw6-6rgf-726v","reference_id":"GHSA-2hw6-6rgf-726v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2hw6-6rgf-726v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodle@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3"}],"aliases":["CVE-2015-5337","GHSA-2hw6-6rgf-726v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cx7-eaax-8uhr"},{"url":"http://public2.vulnerablecode.io/api/
vulnerabilities/38559?format=json","vulnerability_id":"VCID-4kq5-ctsv-eka8","summary":"Improper Access Control\nThe \"restore teacher\" feature in Moodle allows remote authenticated users to overwrite the course id number.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733","reference_id":"CVE-2016-3733","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerabili
ty":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq5-ctsv-eka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43667?format=json","vulnerability_id":"VCID-5hx1-9xbg-g3fn","summary":"Exposure of Sensitive Information to an Unauthorized Actor\ncalendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808"},{"reference_url":"https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd"},{"reference_url":"https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94"},{"reference_url":"https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf"},{"reference_url":"https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moo
dle/commit/c631b112d6e729c84f5d559371a399fe54502ba3"},{"reference_url":"https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330178","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330178"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2156","reference_id":"CVE-2016-2156","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2156"},{"reference_url":"https://github.com/advisories/GHSA-h8vc-v44p-5r2q","reference_id":"GHSA-h8vc-v44p-5r2q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h8vc-v44p-5r2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"V
CID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2156","GHSA-h8vc-v44p-5r2q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hx1-9xbg-g3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43378?format=json","vulnerability_id":"VCID-5nfq-4syg-87da","summary":"Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a 
logout.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654"},{"reference_url":"https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9"},{"reference_url":"https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612"},{"reference_url":"https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278618","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278618"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0218","reference_id":"CVE-2015-0218","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0218"},{"reference_url":"https://github.com/advisories/GHSA-5jph-mvfm-r27p","reference_id":"GHSA-5jph-mvfm-r27p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5jph-mvfm-r27p"}],"fixed_packages":[{"url":"http://public2.vul
nerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0218","GHSA-5jph-mvfm-r27p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfq-4syg-87da"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43491?format=json","vulnerability_id":"VCID-5vx4-qtb2-fqe9","summary":"Moodle allows attackers to obtain sensitive course information\nlib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804"},{"reference_url":"http://openwall.com/lists/oss-security/2015/03/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/03/16/1"},{"reference_url":"https://github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1edd3d6fbfcc7ac757579a7953f03e3401c0c32d"},{"reference_url":"https://github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4ab4ec652cb7768a058eca7f69362e76d9ee0c62"},{"reference_url":"https://github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494","reference_id":"","refer
ence_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5f0bfb120f4a769518a77eff06fedc67c6040494"},{"reference_url":"https://github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cd060b5fe2b5d90ff87d3b345e5f802ef143f883"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307384","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307384"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2270","reference_id":"CVE-2015-2270","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2270"},{"reference_url":"https://github.com/advisories/GHSA-fp4h-j22r-vwcv","reference_id":"GHSA-fp4h-j22r-vwcv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fp4h-j22r-vwcv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2270","GHSA-fp4h-j22r-vwcv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5vx4-qtb2-fqe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43737?format=json","vulnerability_id":"VCID-62yh-cpfr-9bb1","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nlib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended 
enrolment.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788"},{"reference_url":"http://openwall.com/lists/oss-security/2015/05/18/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/05/18/1"},{"reference_url":"https://github.com/moodle/moodle/commit/032f18c4a50d472cddd2cb52a627d19b75921f16","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/032f18c4a50d472cddd2cb52a627d19b75921f16"},{"reference_url":"https://github.com/moodle/moodle/commit/271477f593c4acbb84c620015fad19f08282629e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/271477f593c4acbb84c620015fad19f08282629e"},{"reference_url":"https://github.com/moodle/moodle/commit/8b4568500b305f7ddedbca355b73ce34ea4afbc0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8b4568500b305f7ddedbca355b73ce34ea4afbc0"},{"reference_url":"https://github.com/moodle/moodle/commit/b7d307e80761e1c5b310958223640055d23b83f6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b7d307e80761e1c5b310958223640055d23b83f6"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=313687","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=313687"},{"reference_url":"https://web.archive.org/web/20200228054132/http://www.securityfocus.com/bid/74729","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228054132/http://www.securityfocus.com/bid/74729"},{"reference_url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.o
rg/web/20201030042703/http://www.securitytracker.com/id/1032358"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3180","reference_id":"CVE-2015-3180","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3180"},{"reference_url":"https://github.com/advisories/GHSA-688p-pgj4-77hh","reference_id":"GHSA-688p-pgj4-77hh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-688p-pgj4-77hh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62291?format=json","purl":"pkg:composer/moodle/moodle@2.8.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6"}],"aliases":["CVE-2015-3180","GHSA-688p-pgj4-77hh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-62yh-cpfr-9bb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38453?format=json","vulnerability_id":"VCID-65y9-9ur2-pugc","summary":"Improper Input Validation\nThere is incorrect sanitization of attributes in 
forums.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=345912","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=345912"},{"reference_url":"http://www.securityfocus.com/bid/95649","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2576","reference_id":"CVE-2017-2576","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53209?format=json","purl":"pkg:composer/moodle/moodle@3.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dxb-v1af-jbax"},{"vulnerability":"VCID-5rbf-4dz3-2qdz"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-vtq4-fpr8-hudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/53201?format=json","purl":"pkg:composer/moodle/moodle@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dxb-v1af-jbax"},{"vulnerability":"VCID-5rbf-4dz3-2qdz"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-jn5n-6hg9-tyf7"},{"vulnerability":"VCID-vtq4-fpr8-hudb"},{"vulnerability":"VCID-x927-nh46-7fdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53202?format=json","purl":"pkg:composer/moodle/moodle@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qjr-wjh1-8fh6"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-jn5n-6hg9-tyf7"},{"vulnerability":"VCID-x927-nh46-7fdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1"}],"aliases":["CVE-2017-2576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"r
esource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43762?format=json","vulnerability_id":"VCID-7rut-8dau-e3cp","summary":"Moodle allows attackers to modify \"Exclude grade\" settings\nThe grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify \"Exclude grade\" settings by leveraging the Non-Editing Instructor role.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378"},{"reference_url":"https://github.com/moodle/moodle/commit/3328dc32a75d6aa4bc92865fa236dc6d52dcb7bf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/3328dc32a75d6aa4bc92865fa236dc6d52dcb7bf"},{"reference_url":"https://github.com/moodle/moodle/commit/5208032b23b7999d7048a3da7a4b70c038d93506","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5208032b23b7999d7048a3da7a4b70c038d93506"},{"reference_url":"https://github.com/moodle/moodle/commit/71beedee8c82c378ed10a0569c8b19ec641df9e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/71beedee8c82c378ed10a0569c8b19ec641df9e3"},{"reference_url":"https://github.com/moodle/moodle/commit/ad67b7eeea4abf194eb432d5958e9a7032ee2c25","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ad67b7eeea4abf194eb432d5958e9a7032ee2c25"},{"reference_url":"https://github.com/moodle/moodle/commit/ae66ed23b6ae8000efd4e1f612697892c9795c65","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ae66ed2
3b6ae8000efd4e1f612697892c9795c65"},{"reference_url":"https://github.com/moodle/moodle/commit/b74d0f8404651d9ad0d97fd7eb58a94079342eb3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b74d0f8404651d9ad0d97fd7eb58a94079342eb3"},{"reference_url":"https://github.com/moodle/moodle/commit/c7f7b18adecb4a80c4f3defee31e72e591133693","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c7f7b18adecb4a80c4f3defee31e72e591133693"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330177","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330177"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2155","reference_id":"CVE-2016-2155","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2155"},{"reference_url":"https://github.com/advisories/GHSA-32hg-73hp-vwc8","reference_id":"GHSA-32hg-73hp-vwc8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-32hg-73hp-vwc8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api
/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2155","GHSA-32hg-73hp-vwc8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rut-8dau-e3cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43702?format=json","vulnerability_id":"VCID-8cc1-hbzm-87bx","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThe capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other 
users.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/05/17/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/05/17/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3732","reference_id":"CVE-2016-3732","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3732"},{"reference_url":"https://github.com/advisories/GHSA-5282-96ff-xx3h","reference_id":"GHSA-5282-96ff-xx3h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5282-96ff-xx3h"}],"fixed_packages":[],"aliases":["CVE-2016-3732","GHSA-5282-96ff-xx3h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cc1-hbzm-87bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43385?format=json","vulnerability_id":"VCID-95mq-m2jz-a3ab","summary":"Moodle allows attackers to cause a denial of service\nfilter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular 
expression.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/01da07a42be0f69de9f316be6ee8cb25ecd60c19","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/01da07a42be0f69de9f316be6ee8cb25ecd60c19"},{"reference_url":"https://github.com/moodle/moodle/commit/25191bc31187f6381ad9fc690b653414ea3bc6d4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/25191bc31187f6381ad9fc690b653414ea3bc6d4"},{"reference_url":"https://github.com/moodle/moodle/commit/531492a32cf77f90bc48c4868a5f71dd7040049f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/531492a32cf77f90bc48c4868a5f71dd7040049f"},{"reference_url":"https://github.com/moodle/moodle/commit/5329d84f0b5767f5bb800b203bfb89753ac35146","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5329d84f0b5767f5bb800b203bfb89753ac35146"},{"reference_url":"https://github.com/moodle/moodle/commit/63ed941a9363b6da3322df2b8de5be0d1df6d81a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/63ed941a9363b6da3322df2b8de5be0d1df6d81a"},{"reference_url":"https://github.com/moodle/moodle/commit/70229b7ec718ee3929109c54de74a8d14264a166","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/70229b7ec718ee3929109c54de74a8d14264a166"},{"reference_url":"https://github.com/moodle/moodle/commit/d11969e7775b0fc1a2debf6ec91e42d25b0eeecd","reference_id":"","re
ference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d11969e7775b0fc1a2debf6ec91e42d25b0eeecd"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278617","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278617"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0217","reference_id":"CVE-2015-0217","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0217"},{"reference_url":"https://github.com/advisories/GHSA-p497-37fc-xvvc","reference_id":"GHSA-p497-37fc-xvvc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p497-37fc-xvvc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0217","GHSA-p497-37fc-xvvc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-95mq-m2jz-a3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43388?format=json","vulnerability_id":"VCID-9z66-z9af-17f7","summary":"Moodle allows attackers to bypass a messaging-disabled setting\nmessage/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search 
request.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/436bbf8975f0daef329c6483ec595dbf9b39ee56","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/436bbf8975f0daef329c6483ec595dbf9b39ee56"},{"reference_url":"https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90"},{"reference_url":"https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6"},{"reference_url":"https://github.com/moodle/moodle/commits/v2.6.7#:~:text=MDL%2D48106%20mod_glossary%3A%20Add%20missing%20sesskey%20checks","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commits/v2.6.7#:~:text=MDL%2D48106%20mod_glossary%3A%20Add%20missing%20sesskey%20checks"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278614","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278614"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0214","reference_id":"CVE-2015-0214","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0214"},{"reference_url":"https://github.com/advisories/GHSA-4jm2-c9jr-6prf","reference_id":"GHSA-4jm2-c9jr-6prf","reference_type":"","scores":[],"url":"https://github.c
om/advisories/GHSA-4jm2-c9jr-6prf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0214","GHSA-4jm2-c9jr-6prf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9z66-z9af-17f7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43578?format=json","vulnerability_id":"VCID-a34q-gbqw-1bbr","summary":"Moodle allows attackers to bypass intended access restrictions\nThe choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569"},{"reference_url":"https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/02d8c8ca394ba053905f9b87c155042aabf0ce1b"},{"reference_url":"https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/09bb6f19e5814deb25ae6ceb8270063430b8941f"},{"reference_url":"https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5c16db4fc561c97b6a907398ea081cdaf6590214"},{"reference_url":"https://github.com/moodle/moodle/commit/6283c33979001
b035f9fc565b869296f66a61c4e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/6283c33979001b035f9fc565b869296f66a61c4e"},{"reference_url":"https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7ca8c34045eb0d2031652b452492fe4abb2c7c8a"},{"reference_url":"https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/97394274ee29f0a6eecab330b5bbb8ee335e7ece"},{"reference_url":"https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/bdaa571437c6357f322871b068f02a4520b7a23d"},{"reference_url":"https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fb2491effb1a7d5d7abb0efba5b3929342990514"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=323237","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323237"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5342","reference_id":"CVE-2015-5342","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5342"},{"reference_url":"https://github.com/advisories/GHSA-6xpm-q8x9-j3rw","reference_id":"GHSA-6xpm-q8x9-j3rw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6xpm-q8x9-j3rw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecod
e.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodle@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3"}],"aliases":["CVE-2015-5342","GHSA-6xpm-q8x9-j3rw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a34q-gbqw-1bbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43579?format=json","vulnerability_id":"VCID-a3pu-x51u-1udr","summary":"Exposure of Sensitive Information to an Unauthorized Actor\ncalendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90"},{"reference_url":"https://github.com/moodle/moodle/commit/76aea854f6877cc5accb288bc6ac60bc55d30788","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/76aea854f6877cc5accb288bc6ac60bc55d30788"},{"reference_url":"https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6b
e2cf7b2d85f6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6"},{"reference_url":"https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278615","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278615"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0215","reference_id":"CVE-2015-0215","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0215"},{"reference_url":"https://github.com/advisories/GHSA-fr9m-pjmm-qx9f","reference_id":"GHSA-fr9m-pjmm-qx9f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fr9m-pjmm-qx9f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0215","GHSA-fr9m-pjmm-qx9f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a3pu-x51u-1udr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38123?format=json","vulnerability_id":"VCID-an53-nu91-k3d7","summary":"Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in `auth/db/auth.php` in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile 
field.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330174","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2152","reference_id":"CVE-2016-2152","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-an53-nu91-k3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43551?format=json","vulnerability_id":"VCID-aqc8-tmeg-9fdd","summary":"Cross-Site 
Request Forgery (CSRF)\nMultiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90"},{"reference_url":"https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6"},{"reference_url":"https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278613","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278613"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0213","reference_id":"CVE-2015-0213","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0213"},{"reference_url":"https://github.com/advisories/GHSA-hhq7-jf2p-hw9c","reference_id":"GHSA-hhq7-jf2p-hw9c","reference_type":"","scores":[],"url":"https://github.com/ad
visories/GHSA-hhq7-jf2p-hw9c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0213","GHSA-hhq7-jf2p-hw9c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqc8-tmeg-9fdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43633?format=json","vulnerability_id":"VCID-b9ej-hx7z-1bb8","summary":"Moodle sensitive information disclosure\nMoodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) `badges/overview.php` or (2) `badges/view.php`.","references":[{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/47d5c29202e299fdbe54229d3f6b0c381835eae3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/47d5c29202e299fdbe54229d3f6b0c381835eae3"},{"reference_url":"https://github.com/moodle/moodle/commit/65734f149f3c7e6cce9402f51f9a97deb31170db","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/65734f149f3c7e6cce9402f51f9a97deb31170db"},{"reference_url":"https://github.com/moodle/moodle/commit/7cff64fdbfff749e779cb625fbddcce737355100","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7cff64fdbfff749e779cb625fbddcce737355100"},{"reference_url":"https://github.com/moodle/moodle/commit/d41fa94a69bebeca69a4cd5332bb9569cfd87b99","reference_id":"","reference_typ
e":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d41fa94a69bebeca69a4cd5332bb9569cfd87b99"},{"reference_url":"https://github.com/moodle/moodle/commit/d70f610615242c5c7b3ae0bf7ef6868520dcd850","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d70f610615242c5c7b3ae0bf7ef6868520dcd850"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=323235","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323235"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5340","reference_id":"CVE-2015-5340","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5340"},{"reference_url":"https://github.com/advisories/GHSA-mmvj-j7hq-rx85","reference_id":"GHSA-mmvj-j7hq-rx85","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mmvj-j7hq-rx85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodle@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3"}],"aliases":["CVE-2015-5340","GHSA-mmvj-j7hq-rx85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9ej-hx7z-1bb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43434?format=json","vulnerability_id":"VCID-d3yp-gq4c-vyf8","summary":"Moodle does not consider the moodle/tag:flag 
capability\ntag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the \"Flag as inappropriate\" feature.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084"},{"reference_url":"http://openwall.com/lists/oss-security/2015/03/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/03/16/1"},{"reference_url":"https://github.com/moodle/moodle/commit/1a344ea46f4bdedf6b8c87ae9a419e0617e1ac27","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1a344ea46f4bdedf6b8c87ae9a419e0617e1ac27"},{"reference_url":"https://github.com/moodle/moodle/commit/64e2179478849ec09c3537716e70ae8a1684b58b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/64e2179478849ec09c3537716e70ae8a1684b58b"},{"reference_url":"https://github.com/moodle/moodle/commit/8b4e370840dad1ec4ca6c7cef8a4d6b78e0458b7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8b4e370840dad1ec4ca6c7cef8a4d6b78e0458b7"},{"reference_url":"https://github.com/moodle/moodle/commit/b771b31e20cbf3d39aab877c648cf387e77173ba","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b771b31e20cbf3d39aab877c648cf387e77173ba"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307385","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307385"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2271","reference_id":"CVE-2015-2271","re
ference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2271"},{"reference_url":"https://github.com/advisories/GHSA-v3wp-35g3-m9mm","reference_id":"GHSA-v3wp-35g3-m9mm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v3wp-35g3-m9mm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2271","GHSA-v3wp-35g3-m9mm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3yp-gq4c-vyf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43576?format=json","vulnerability_id":"VCID-dnya-ef8u-6bg1","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nadmin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a 
rule.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167"},{"reference_url":"https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/214950de2a4149f0efeabf62b0978901c1c68015"},{"reference_url":"https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/406a0efd3720d3b9214508b2e47b8f4401061312"},{"reference_url":"https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/475362630ba4c5073a05b1c81caf3a7f3f373cd1"},{"reference_url":"https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4e5732e7fe0e9363618039d434cb5b774a8772b0"},{"reference_url":"https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/89b97390d0bedd2567d61723f76caa222026d5fb"},{"reference_url":"https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ff7bacf32bbe148a7ab6db3b5fa69e106e54d6a4"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330176","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330176"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","referenc
e_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2154","reference_id":"CVE-2016-2154","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2154"},{"reference_url":"https://github.com/advisories/GHSA-fmq9-58q4-xjw5","reference_id":"GHSA-fmq9-58q4-xjw5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fmq9-58q4-xjw5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2154"
,"GHSA-fmq9-58q4-xjw5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dnya-ef8u-6bg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38125?format=json","vulnerability_id":"VCID-eaqp-7abt-6kg9","summary":"Improper Access Control\nThe `save_submission` function in `mod/assign/externallib.php` in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330182","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2159","reference_id":"CVE-2016-2159","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2159"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerabili
ty":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2159"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqp-7abt-6kg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43703?format=json","vulnerability_id":"VCID-emu7-jhv2-zqb8","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130"},{"reference_url":"http://openwall.com/lists/oss-security/2015/07/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/07/13/2"},{"reference_url":"https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8"},{"reference_url":"https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36"},{"reference_url":"https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b","reference_id":"","reference_type":"","scores":[],"url":"https://github.co
m/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b"},{"reference_url":"https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=316664","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=316664"},{"reference_url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3274","reference_id":"CVE-2015-3274","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3274"},{"reference_url":"https://github.com/advisories/GHSA-f7qm-q26p-6rr2","reference_id":"GHSA-f7qm-q26p-6rr2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f7qm-q26p-6rr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62468?format=json","purl":"pkg:composer/moodle/moodle@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62469?format=json","purl":"pkg:composer/moodle/moodle@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1"}],"aliases":["CVE-2015-3274","GHSA-f7qm-q26p-6rr2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emu7-jhv2-zqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43707?format=json","vulnerability_id":"VCID-evke-m8nn-6ua3","summary":"Moodle
 allows attackers to enter additional answer attempts\nThe lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516"},{"reference_url":"https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/3071f085918dfeabb154596362dab2648ec6ad84"},{"reference_url":"https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/343ed5b929ff8a68efe076505cd3e52d951f7869"},{"reference_url":"https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/39b50f7d3eea43266a3d0c09590e48624e69a091"},{"reference_url":"https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/67e3f70bb11382fc0f1eaf1a160c349269e370cc"},{"reference_url":"https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9d5b339126586eddeced463c81295146e231a3c4"},{"reference_url":"https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9fd13426926fd882d3f024cb7171802ef2b3814d"},{"referenc
e_url":"https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ca74203efd51be6467091d9af762a31a7cad5840"},{"reference_url":"https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cd3a6a78b67abf5c9eb355ddc7899b1b2a9b20ac"},{"reference_url":"https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e7288eaabe77e04157f702b20fd0a7e9ce7067ca"},{"reference_url":"https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f9cc721dfd761ee34209cf58838079b9b550b356"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=320287","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=320287"},{"reference_url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/09/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5264","reference_id":"CVE-2015-5264","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5264"},{"reference_url":"https://github.com/advisories/GHSA-mm9q-3847-m48x","reference_id":"GHSA-mm9q-3847-m48x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mm9q-3847-m48x"}],"fixed_packages":[{"url":"http://public2.vulnerable
code.io/api/packages/62294?format=json","purl":"pkg:composer/moodle/moodle@2.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:composer/moodle/moodle@2.9.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2"}],"aliases":["CVE-2015-5264","GHSA-mm9q-3847-m48x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-evke-m8nn-6ua3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43637?format=json","vulnerability_id":"VCID-fpuj-f6nx-n7a9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping 
description.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709"},{"reference_url":"https://github.com/moodle/moodle/commit/45f3b5302d645ba13ca8b68b0106a638ebd21980","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/45f3b5302d645ba13ca8b68b0106a638ebd21980"},{"reference_url":"https://github.com/moodle/moodle/commit/a44fed5c804b52e82c334c37dcc1c12b77f97af8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a44fed5c804b52e82c334c37dcc1c12b77f97af8"},{"reference_url":"https://github.com/moodle/moodle/commit/ae6b18a9343083c1ab62d6eb535a7112bd7a3a50","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ae6b18a9343083c1ab62d6eb535a7112bd7a3a50"},{"reference_url":"https://github.com/moodle/moodle/commit/fa5a3cdedcd92bd96881fa89a6ff5efd80bd3512","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fa5a3cdedcd92bd96881fa89a6ff5efd80bd3512"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=320293","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=320293"},{"reference_url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/09/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5269","reference_id":"CVE-2015-5269","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/deta
il/CVE-2015-5269"},{"reference_url":"https://github.com/advisories/GHSA-5729-822w-j342","reference_id":"GHSA-5729-822w-j342","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5729-822w-j342"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62294?format=json","purl":"pkg:composer/moodle/moodle@2.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:composer/moodle/moodle@2.9.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2"}],"aliases":["CVE-2015-5269","GHSA-5729-822w-j342"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fpuj-f6nx-n7a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38450?format=json","vulnerability_id":"VCID-fsex-f512-pudv","summary":"Injection Vulnerability\nIn Moodle, text injection can occur in email headers, potentially leading to outbound 
spam.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336698","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336698"},{"reference_url":"http://www.securityfocus.com/bid/92040","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92040"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013","reference_id":"CVE-2016-5013","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43752?format=json","vulnerability_id":"VCID-g4hn-yz26-1beb","summary":"Moodle allows attackers to bypass intended login restrictions\nlogin/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended 
login restrictions by leveraging access to an unconfirmed suspended account.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090"},{"reference_url":"http://openwall.com/lists/oss-security/2015/05/18/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/05/18/1"},{"reference_url":"https://github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937"},{"reference_url":"https://github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc"},{"reference_url":"https://github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0"},{"reference_url":"https://github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=313686","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=313686"},{"reference_url":"https://web.archive.org/web/20200228054915/http://www.securityfocus.com/bid/74725","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228054915/http://www.securityfocus.com/bid/74725"},{"reference_url":"https://web.archive.org/web/20200501000000*/http://www.securitytracker.com/id/1032358","reference_
id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200501000000*/http://www.securitytracker.com/id/1032358"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3179","reference_id":"CVE-2015-3179","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3179"},{"reference_url":"https://github.com/advisories/GHSA-4ppg-2mx6-fqx9","reference_id":"GHSA-4ppg-2mx6-fqx9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4ppg-2mx6-fqx9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62291?format=json","purl":"pkg:composer/moodle/moodle@2.8.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6"}],"aliases":["CVE-2015-3179","GHSA-4ppg-2mx6-fqx9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4hn-yz26-1beb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43627?format=json","vulnerability_id":"VCID-gvan-87dt-b7fp","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nmod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz 
grading.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941"},{"reference_url":"http://openwall.com/lists/oss-security/2015/05/18/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/05/18/1"},{"reference_url":"https://github.com/moodle/moodle/commit/10c2b92448873a8479942098a090e7c16b44438d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/10c2b92448873a8479942098a090e7c16b44438d"},{"reference_url":"https://github.com/moodle/moodle/commit/1ce4f44df7e793051211841b6a78ac77bd42fc99","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1ce4f44df7e793051211841b6a78ac77bd42fc99"},{"reference_url":"https://github.com/moodle/moodle/commit/39ae18a2f90fcf392a711dd41f9aa7627f72a762","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/39ae18a2f90fcf392a711dd41f9aa7627f72a762"},{"reference_url":"https://github.com/moodle/moodle/commit/e51fdfe0cbab19320f139773d83aacb1ad15eb46","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e51fdfe0cbab19320f139773d83aacb1ad15eb46"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=313681","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=313681"},{"reference_url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358"},{"reference_url":"http://www.securityfocus.com/bid/74719https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74719","reference_id":"","reference_type":"","
scores":[],"url":"http://www.securityfocus.com/bid/74719https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3174","reference_id":"CVE-2015-3174","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3174"},{"reference_url":"https://github.com/advisories/GHSA-6r7x-6q98-qcqp","reference_id":"GHSA-6r7x-6q98-qcqp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6r7x-6q98-qcqp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62291?format=json","purl":"pkg:composer/moodle/moodle@2.8.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6"}],"aliases":["CVE-2015-3174","GHSA-6r7x-6q98-qcqp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gvan-87dt-b7fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43411?format=json","vulnerability_id":"VCID-hbky-xx53-vkct","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG 
element.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144"},{"reference_url":"http://openwall.com/lists/oss-security/2015/03/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/03/16/1"},{"reference_url":"https://github.com/moodle/moodle/commit/ead8b28f92da72fb836cf9183aaf6f11a7eb1a21","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ead8b28f92da72fb836cf9183aaf6f11a7eb1a21"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307383","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307383"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2269","reference_id":"CVE-2015-2269","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2269"},{"reference_url":"https://github.com/advisories/GHSA-cp39-43xr-2wrp","reference_id":"GHSA-cp39-43xr-2wrp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cp39-43xr-2wrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2269","GHSA-cp39-43xr-2wrp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbky-xx53-vkct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43733?format=json","vulnerability_id":"VCID-j11s-2mhg-pfdn","summary":"Improper Access Control\nmdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote 
authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087"},{"reference_url":"http://openwall.com/lists/oss-security/2015/03/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/03/16/1"},{"reference_url":"https://github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/12a8fcb5e45c58ee8267ad0472852c2b80a19878"},{"reference_url":"https://github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/240e7be7341afa31096fdbf3f242a7966f6237ab"},{"reference_url":"https://github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4475f1e478370fb97933127ec60e40f39e285da1"},{"reference_url":"https://github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/76da7e9bc88669eab62f83f04639ba356a0b0c5a"},{"reference_url":"https://github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/83866c3c2a5b1391317172eea0b4f017c6d142d2"},{"reference_url":"https://github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/84f9f60b67e1e20058fbe2afa473607d075aff63"
},{"reference_url":"https://github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8d9bdd28e049ca6b6b2a4ab8f142097c2f907df6"},{"reference_url":"https://github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a47aabc7833d0c88a83791d99a1204742c33f59b"},{"reference_url":"https://github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c353a6202658f320096a41e94494063393153b7f"},{"reference_url":"https://github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/de169b7944e36d374d55e3f396d90ab2b4303afb"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307381","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307381"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2267","reference_id":"CVE-2015-2267","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2267"},{"reference_url":"https://github.com/advisories/GHSA-cm4r-58pj-h2ph","reference_id":"GHSA-cm4r-58pj-h2ph","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cm4r-58pj-h2ph"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2267","GHSA-cm4r-58pj-h2ph"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j11s-2mhg-
pfdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43441?format=json","vulnerability_id":"VCID-jc19-ee46-4uh3","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nlib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860"},{"reference_url":"https://github.com/moodle/moodle/commit/289bc7f9e3022918b4cfd2cc9851472f0cea2896","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/289bc7f9e3022918b4cfd2cc9851472f0cea2896"},{"reference_url":"https://github.com/moodle/moodle/commit/5337b2295237958c93b6c65fa595859aaa7bf257","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5337b2295237958c93b6c65fa595859aaa7bf257"},{"reference_url":"https://github.com/moodle/moodle/commit/6e8224365ffcdf328458ea7852dc62574e806119","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/6e8224365ffcdf328458ea7852dc62574e806119"},{"reference_url":"https://github.com/moodle/moodle/commit/e4ac3879c2d1f8fe66caa74ff1544248bccef61e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e4ac3879c2d1f8fe66caa74ff1544248bccef61e"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=320291","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=320291"},{"reference_url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/10336
19","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/09/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5267","reference_id":"CVE-2015-5267","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5267"},{"reference_url":"https://github.com/advisories/GHSA-382v-gxj9-ffhc","reference_id":"GHSA-382v-gxj9-ffhc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-382v-gxj9-ffhc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62294?format=json","purl":"pkg:composer/moodle/moodle@2.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:composer/moodle/moodle@2.9.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2"}],"aliases":["CVE-2015-5267","GHSA-382v-gxj9-ffhc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc19-ee46-4uh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43662?format=json","vulnerability_id":"VCID-jcnw-cwmz-w7cz","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThe core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service 
request.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51861","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51861"},{"reference_url":"https://github.com/moodle/moodle/commit/12bc713081dc24b6eedea54281876e7c3f5579a6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/12bc713081dc24b6eedea54281876e7c3f5579a6"},{"reference_url":"https://github.com/moodle/moodle/commit/512633461ae239677342b40d318803e15e1fd1aa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/512633461ae239677342b40d318803e15e1fd1aa"},{"reference_url":"https://github.com/moodle/moodle/commit/b26b2407908abb1a8a4d37aebc18e03139c9776f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b26b2407908abb1a8a4d37aebc18e03139c9776f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=323234","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323234"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5339","reference_id":"CVE-2015-5339","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5339"},{"reference_url":"https://github.com/advisories/GHSA-gmhr-6f43-7qpj","reference_id":"GHSA-gmhr-6f43-7qpj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gmhr-6f43-7qpj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodl
e@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3"}],"aliases":["CVE-2015-5339","GHSA-gmhr-6f43-7qpj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jcnw-cwmz-w7cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38124?format=json","vulnerability_id":"VCID-k6pw-51st-b3d2","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `advanced-search` feature in `mod_data` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330175","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2153","reference_id":"CVE-2016-2153","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2153"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:compose
r/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2153"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6pw-51st-b3d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38558?format=json","vulnerability_id":"VCID-kgvw-uxf4-wbc1","summary":"Cross-Site Request Forgery (CSRF)\nA Cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that mark forum posts as read.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securityfocus.com/bid/91281","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91281"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734","reference_id":"CVE-2016-3734","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerabilit
y":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgvw-uxf4-wbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43390?format=json","vulnerability_id":"VCID-m6zk-p84r-vbh5","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nmod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified 
vectors.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50837"},{"reference_url":"https://github.com/moodle/moodle/commit/03b1f63d40d09c206f641b246110c2371d3068a2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/03b1f63d40d09c206f641b246110c2371d3068a2"},{"reference_url":"https://github.com/moodle/moodle/commit/3d58fd5841308018b32ca78206c74f27c4d4b9c3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/3d58fd5841308018b32ca78206c74f27c4d4b9c3"},{"reference_url":"https://github.com/moodle/moodle/commit/5f65bb2e436620f9026b363484294299c2327740","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5f65bb2e436620f9026b363484294299c2327740"},{"reference_url":"https://github.com/moodle/moodle/commit/d01512e36c449f52ddc5e41db567d8f375fc153d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d01512e36c449f52ddc5e41db567d8f375fc153d"},{"reference_url":"https://github.com/moodle/moodle/commit/d28eedd5363b4f081f9e66d0c9014d84792a89d7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d28eedd5363b4f081f9e66d0c9014d84792a89d7"},{"reference_url":"https://github.com/moodle/moodle/commit/f1178ebcd9cf1c149892335c52f6ccad066e3e05","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f1178ebcd9cf1c149892335c52f6ccad066e3e05"},{"reference_url":"https://github.com/moodle/moodle/commit/fe9bd2b8bb73e958067f2bdb227a8d0e7cffbcda","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fe9bd2b8bb73e958067f2bdb227a8d0e7cffbcda"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=32323
6","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323236"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5341","reference_id":"CVE-2015-5341","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5341"},{"reference_url":"https://github.com/advisories/GHSA-c2r4-f8qv-2v7v","reference_id":"GHSA-c2r4-f8qv-2v7v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c2r4-f8qv-2v7v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodle@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3"}],"aliases":["CVE-2015-5341","GHSA-c2r4-f8qv-2v7v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m6zk-p84r-vbh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43527?format=json","vulnerability_id":"VCID-n9uc-b76m-8fbs","summary":"Moodle allows attackers to bypass file-management restrictions\nfiles/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been 
revoked.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994"},{"reference_url":"http://openwall.com/lists/oss-security/2015/05/18/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/05/18/1"},{"reference_url":"https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171"},{"reference_url":"https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0"},{"reference_url":"https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f"},{"reference_url":"https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=313688","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=313688"},{"reference_url":"https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728"},{"reference_url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org
/web/20201030042703/http://www.securitytracker.com/id/1032358"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3181","reference_id":"CVE-2015-3181","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3181"},{"reference_url":"https://github.com/advisories/GHSA-622h-cjgg-5mx6","reference_id":"GHSA-622h-cjgg-5mx6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-622h-cjgg-5mx6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62291?format=json","purl":"pkg:composer/moodle/moodle@2.8.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6"}],"aliases":["CVE-2015-3181","GHSA-622h-cjgg-5mx6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n9uc-b76m-8fbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43721?format=json","vulnerability_id":"VCID-nfdb-m7rg-47ca","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nmessage/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified 
URL.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204"},{"reference_url":"http://openwall.com/lists/oss-security/2015/03/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/03/16/1"},{"reference_url":"https://github.com/moodle/moodle/commit/2924ba1c73f9ed3d525987807f9d289b3eb38154","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/2924ba1c73f9ed3d525987807f9d289b3eb38154"},{"reference_url":"https://github.com/moodle/moodle/commit/553319be03c4ef8e62499841c8d5d94c6786ed6d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/553319be03c4ef8e62499841c8d5d94c6786ed6d"},{"reference_url":"https://github.com/moodle/moodle/commit/c35df119a560e22d9e17f833b736b710b96431d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c35df119a560e22d9e17f833b736b710b96431d9"},{"reference_url":"https://github.com/moodle/moodle/commit/eb45017b61e35bcab8c35e2c544b1e4144ca1f16","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/eb45017b61e35bcab8c35e2c544b1e4144ca1f16"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307380","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307380"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2266","reference_id":"CVE-2015-2266","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2266"},{"reference_url":"https://github.com/advisories/GHSA-35pr-gqm6-r366","reference_id":"GHSA-35pr-gqm6-r366","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-35pr-gqm6-r366"}],"fixed_packages":[{"url":"http://public2.vulner
ablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2266","GHSA-35pr-gqm6-r366"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfdb-m7rg-47ca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43673?format=json","vulnerability_id":"VCID-qtt4-455b-abb6","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nIn Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336699","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336699"},{"reference_url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014","reference_id":"CVE-2016-5014","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014"},{"reference_url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg","reference_id":"GHSA-c4cq-v4wp-28hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabili
ties":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5014","GHSA-c4cq-v4wp-28hg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43418?format=json","vulnerability_id":"VCID-r3f7-9paf-83ht","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. 
(dot dot) in the file parameter, as demonstrated by reading PHP scripts.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc"},{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980"},{"reference_url":"http://openwall.com/lists/oss-security/2015/02/04/15","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/02/04/15"},{"reference_url":"http://openwall.com/lists/oss-security/2015/02/09/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/02/09/2"},{"reference_url":"https://github.com/moodle/moodle/commit/0289be1321babfa588fb5b18ebb08a296eed9eee","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0289be1321babfa588fb5b18ebb08a296eed9eee"},{"reference_url":"https://github.com/moodle/moodle/commit/a72f2cca7f08c354c18a3923c3f05eee50bdd434","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a72f2cca7f08c354c18a3923c3f05eee50bdd434"},{"reference_url":"https://github.com/moodle/moodle/commit/af9a7937cc085f96bdbc4724cadec6eeae0242fc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/af9a7937cc085f96bdbc4724cadec6eeae0242fc"},{"reference_url":"https://github.com/moodle/moodle/commit/cc496f5b27d36a8df4bcede997a484eb9719363b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cc496f5b27d36a8df4bcede997a484eb9719363b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=279956","reference_id":"","reference_
type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=279956"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1493","reference_id":"CVE-2015-1493","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1493"},{"reference_url":"https://github.com/advisories/GHSA-gphj-63h8-r9vq","reference_id":"GHSA-gphj-63h8-r9vq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gphj-63h8-r9vq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62260?format=json","purl":"pkg:composer/moodle/moodle@2.8.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.3"}],"aliases":["CVE-2015-1493","GHSA-gphj-63h8-r9vq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r3f7-9paf-83ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43398?format=json","vulnerability_id":"VCID-rscq-xx52-2ua8","summary":"Moodle allows attackers to cause a denial of service\nfilter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular 
expression.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466"},{"reference_url":"http://openwall.com/lists/oss-security/2015/03/16/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/03/16/1"},{"reference_url":"https://github.com/moodle/moodle/commit/07323f50ffc71f8ba1b2914ec8947451e32a61c1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/07323f50ffc71f8ba1b2914ec8947451e32a61c1"},{"reference_url":"https://github.com/moodle/moodle/commit/12ba38e725440eda73301d1dd354583c26d2c65d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/12ba38e725440eda73301d1dd354583c26d2c65d"},{"reference_url":"https://github.com/moodle/moodle/commit/1b249517781dbb49aa19040d7bb6d446d325bf8e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1b249517781dbb49aa19040d7bb6d446d325bf8e"},{"reference_url":"https://github.com/moodle/moodle/commit/5219605a81b494c5bb6210ade3ea02d16b1c0d06","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5219605a81b494c5bb6210ade3ea02d16b1c0d06"},{"reference_url":"https://github.com/moodle/moodle/commit/71ab589855e6ce9fa9a30051f8efd6153284344e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/71ab589855e6ce9fa9a30051f8efd6153284344e"},{"reference_url":"https://github.com/moodle/moodle/commit/82406581afc4fa6e18051900434004d8563cf5c0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/82406581afc4fa6e18051900434004d8563cf5c0"},{"reference_url":"https://github.com/moodle/moodle/commit/fdab8c0a518357253ad26bd2f113d7393adf418a","reference_id":"","re
ference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fdab8c0a518357253ad26bd2f113d7393adf418a"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307382","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307382"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2268","reference_id":"CVE-2015-2268","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2268"},{"reference_url":"https://github.com/advisories/GHSA-36cm-vrqh-8p98","reference_id":"GHSA-36cm-vrqh-8p98","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-36cm-vrqh-8p98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2268","GHSA-36cm-vrqh-8p98"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rscq-xx52-2ua8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43716?format=json","vulnerability_id":"VCID-ryws-mr9v-7yfp","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nlib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax 
request.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774"},{"reference_url":"https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a"},{"reference_url":"https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261"},{"reference_url":"https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184"},{"reference_url":"https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e"},{"reference_url":"https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330180","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330180"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores
":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2158","reference_id":"CVE-2016-2158","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2158"},{"reference_url":"https://github.com/advisories/GHSA-m882-j7gq-v9p7","reference_id":"GHSA-m882-j7gq-v9p7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m882-j7gq-v9p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2158","GHSA-m882-j7gq-v9p7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryws-mr9v-7yfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/
43437?format=json","vulnerability_id":"VCID-s3bw-w61k-eqhy","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThe account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099"},{"reference_url":"http://openwall.com/lists/oss-security/2015/05/18/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/05/18/1"},{"reference_url":"https://github.com/moodle/moodle/commit/4f8b6d567494375017c4bc2228e1668d13b21645","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4f8b6d567494375017c4bc2228e1668d13b21645"},{"reference_url":"https://github.com/moodle/moodle/commit/80eb5bc7b7da4927d2d8021e8c18cbd3a8093406","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/80eb5bc7b7da4927d2d8021e8c18cbd3a8093406"},{"reference_url":"https://github.com/moodle/moodle/commit/d5922686e7622e1aa58b9b31633f0906f5be2eb3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d5922686e7622e1aa58b9b31633f0906f5be2eb3"},{"reference_url":"https://github.com/moodle/moodle/commit/e2e7e35da31ef174589d54f70e791d6acefb59c9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e2e7e35da31ef174589d54f70e791d6acefb59c9"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=313683","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=313683"},{"reference_url":"https://web.archive.org/web/20200228054912/ht
tp://www.securityfocus.com/bid/74644","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228054912/http://www.securityfocus.com/bid/74644"},{"reference_url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3176","reference_id":"CVE-2015-3176","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3176"},{"reference_url":"https://github.com/advisories/GHSA-fqrg-vmvj-jv3x","reference_id":"GHSA-fqrg-vmvj-jv3x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fqrg-vmvj-jv3x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62291?format=json","purl":"pkg:composer/moodle/moodle@2.8.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6"}],"aliases":["CVE-2015-3176","GHSA-fqrg-vmvj-jv3x"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3bw-w61k-eqhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38561?format=json","vulnerability_id":"VCID-s3ue-e5h8-f3dy","summary":"Improper Access Control\nThe user editing form in Moodle allows remote authenticated users to edit profile fields locked by the 
administrator.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729","reference_id":"CVE-2016-3729","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ue-e5h8-f3dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43712?format=json","vulnerability_i
d":"VCID-sa6m-ecv7-x3ew","summary":"Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031"},{"reference_url":"https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3"},{"reference_url":"https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287"},{"reference_url":"https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4"},{"reference_url":"https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb"},{"reference_url":"https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330179","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330
179"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2157","reference_id":"CVE-2016-2157","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2157"},{"reference_url":"https://github.com/advisories/GHSA-f5pm-c4cw-563p","reference_id":"GHSA-f5pm-c4cw-563p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f5pm-c4cw-563p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s
3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2157","GHSA-f5pm-c4cw-563p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sa6m-ecv7-x3ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43402?format=json","vulnerability_id":"VCID-t214-wxz7-a3df","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940"},{"reference_url":"https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223"},{"reference_url":"https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88"},{"reference_url":"https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6"},{"reference_url":"https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/86c
ec86942c1cfcb92b840afd18deed9b9a34951"},{"reference_url":"https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0"},{"reference_url":"https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9"},{"reference_url":"https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=323231","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323231"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5336","reference_id":"CVE-2015-5336","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5336"},{"reference_url":"https://github.com/advisories/GHSA-grvw-qq2j-r898","reference_id":"GHSA-grvw-qq2j-r898","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-grvw-qq2j-r898"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodle@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/m
oodle/moodle@2.9.3"}],"aliases":["CVE-2015-5336","GHSA-grvw-qq2j-r898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t214-wxz7-a3df"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43753?format=json","vulnerability_id":"VCID-tmwc-f872-mufw","summary":"Moodle allows attackers to bypass a forced-password-change requirement\nlogin/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691"},{"reference_url":"https://github.com/moodle/moodle/commit/0899c0adc036e34e0c37ea1a8d3551610cdb4233","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0899c0adc036e34e0c37ea1a8d3551610cdb4233"},{"reference_url":"https://github.com/moodle/moodle/commit/6e284d55b234287169f21e6ef8a9a237d6eedfe4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/6e284d55b234287169f21e6ef8a9a237d6eedfe4"},{"reference_url":"https://github.com/moodle/moodle/commit/b0abcbda170b57649e0ed39ac5aca91dbc30337f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b0abcbda170b57649e0ed39ac5aca91dbc30337f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=307386","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=307386"},{"reference_url":"https://web.archive.org/web/20200227182455/http://www.securityfocus.com/bid/73166","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227182455/http://ww
w.securityfocus.com/bid/73166"},{"reference_url":"http://www.securityfocus.com/bid/73166","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/73166"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2272","reference_id":"CVE-2015-2272","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-2272"},{"reference_url":"https://github.com/advisories/GHSA-5659-g9p4-354f","reference_id":"GHSA-5659-g9p4-354f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5659-g9p4-354f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62127?format=json","purl":"pkg:composer/moodle/moodle@2.8.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.4"}],"aliases":["CVE-2015-2272","GHSA-5659-g9p4-354f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmwc-f872-mufw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43738?format=json","vulnerability_id":"VCID-trvp-xzf5-pff8","summary":"Cross-Site Request Forgery (CSRF)\nMultiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) 
mod/lesson/view.php.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48109"},{"reference_url":"https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/541c5b8552e0162010d0259c90a04eb63e875958"},{"reference_url":"https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/817cae1ac7ca748ba368439a40ef67d555774485"},{"reference_url":"https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/dcb42c9ed13b0c0ec2dde22b62ef69772d7725e6"},{"reference_url":"https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f75333766c7295932baa72a9dbe9542baf14e107"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=323233","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323233"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5338","reference_id":"CVE-2015-5338","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5338"},{"reference_url":"https://github.com/advisories/GHSA-v33x-q8gh-4x42","reference_id":"GHSA-v33x-q8gh-4x42","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v33x-q8gh-4x42"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-
v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodle@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3"}],"aliases":["CVE-2015-5338","GHSA-v33x-q8gh-4x42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trvp-xzf5-pff8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43349?format=json","vulnerability_id":"VCID-ujja-hfkh-wkez","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nuser/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants 
list.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433"},{"reference_url":"https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa"},{"reference_url":"https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27"},{"reference_url":"https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2"},{"reference_url":"https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841"},{"reference_url":"https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330173","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330173"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[
],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2151","reference_id":"CVE-2016-2151","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2151"},{"reference_url":"https://github.com/advisories/GHSA-r3fc-hx6q-g6cq","reference_id":"GHSA-r3fc-hx6q-g6cq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r3fc-hx6q-g6cq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2151","GHSA-r3fc-hx6q-g6cq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujja-hfkh-wkez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/435
46?format=json","vulnerability_id":"VCID-uptz-tj66-7yfk","summary":"Moodle Arbitrary Redirect\nMultiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179"},{"reference_url":"http://openwall.com/lists/oss-security/2015/05/18/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/05/18/1"},{"reference_url":"https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a"},{"reference_url":"https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=313682","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=313682"},{"reference_url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358"},{"reference_url":"https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720"},{"reference_url":"https:
//nvd.nist.gov/vuln/detail/CVE-2015-3175","reference_id":"CVE-2015-3175","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3175"},{"reference_url":"https://github.com/advisories/GHSA-h798-h7ff-93xv","reference_id":"GHSA-h798-h7ff-93xv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h798-h7ff-93xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62291?format=json","purl":"pkg:composer/moodle/moodle@2.8.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6"}],"aliases":["CVE-2015-3175","GHSA-h798-h7ff-93xv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uptz-tj66-7yfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43519?format=json","vulnerability_id":"VCID-v54t-5thx-1beu","summary":"Improper Access Control\nIn Moodle 2.x and 3.x, the question engine allows access to files that should not be 
available.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=343275","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=343275"},{"reference_url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642","reference_id":"CVE-2016-8642","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642"},{"reference_url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8","reference_id":"GHSA-x32v-7qw8-cpq8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53206?format=json","purl":"pkg:composer/moodle/moodle@2.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/53207?format=json","purl":"pkg:composer/moodle/moodle@3.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/52966?format=json","purl":"pkg:composer/moodle/moodle@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-e2zc-7ujn-wybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:c
omposer/moodle/moodle@3.1.3"}],"aliases":["CVE-2016-8642","GHSA-x32v-7qw8-cpq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43743?format=json","vulnerability_id":"VCID-v6ha-ekxw-7bfr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614"},{"reference_url":"http://openwall.com/lists/oss-security/2015/07/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/07/13/2"},{"reference_url":"https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e"},{"reference_url":"https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8"},{"reference_url":"https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e"},{"reference_url":"https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d
45eca5f55","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=316665","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=316665"},{"reference_url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3275","reference_id":"CVE-2015-3275","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3275"},{"reference_url":"https://github.com/advisories/GHSA-6922-5v25-p8jg","reference_id":"GHSA-6922-5v25-p8jg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6922-5v25-p8jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62468?format=json","purl":"pkg:composer/moodle/moodle@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62469?format=json","purl":"pkg:composer/moodle/moodle@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1"}],"aliases":["CVE-2015-3275","GHSA-6922-5v25-p8jg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ha-ekxw-7bfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38449?format=json","vulnerability_id":"VCID-vb67-yux5-ayhf","summary":"Weak Password Recovery Mechanism for Forgotten Password\nIn Moodle, web service tokens are not invalidated when the user password is changed or forced to be 
changed.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=339631","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=339631"},{"reference_url":"http://www.securityfocus.com/bid/93174","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038","reference_id":"CVE-2016-7038","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53195?format=json","purl":"pkg:composer/moodle/moodle@2.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/53196?format=json","purl":"pkg:composer/moodle/moodle@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52965?format=json","purl":"pkg:composer/moodle/moodle@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k1bh-ymgt-e7cd"},{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2"}],"aliases":["CVE-2016-7038"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43532?format=json","vulnerability_id":"VCID-wavt-rrws-3yhs","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the external_format_text function in 
lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718"},{"reference_url":"http://openwall.com/lists/oss-security/2015/05/18/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/05/18/1"},{"reference_url":"https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749"},{"reference_url":"https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78"},{"reference_url":"https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5"},{"reference_url":"https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f"},{"reference_url":"https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b"},{"reference_url":"https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6","referen
ce_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=313685","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=313685"},{"reference_url":"https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726"},{"reference_url":"https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3178","reference_id":"CVE-2015-3178","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3178"},{"reference_url":"https://github.com/advisories/GHSA-9fmw-m4qx-6cq8","reference_id":"GHSA-9fmw-m4qx-6cq8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9fmw-m4qx-6cq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62291?format=json","purl":"pkg:composer/moodle/moodle@2.8.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6"}],"aliases":["CVE-2015-3178","GHSA-9fmw-m4qx-6cq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wavt-rrws-3yhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43478?format=json","vulnerability_id":"VCID-wg45-hemm-97am","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThe rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based 
authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173"},{"reference_url":"https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/20ff15e22b4f0abebe1ab5fbfd1d681c88765e2a"},{"reference_url":"https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4015226623111438158fa762b7ce61f6cf677665"},{"reference_url":"https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/731c2712e746053b1ca06b50118632305b447e02"},{"reference_url":"https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fa57105063129eed83bf09d83348681501ff5b64"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=320292","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=320292"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/09/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/09/21/1"},{"reference_url":"http://www.securitytracker.com/id/1033619","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1033619"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5268","reference_id":"CVE-2015-5268","reference_type":"","scores":[],"url":"https://
nvd.nist.gov/vuln/detail/CVE-2015-5268"},{"reference_url":"https://github.com/advisories/GHSA-h34c-px28-rjgw","reference_id":"GHSA-h34c-px28-rjgw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h34c-px28-rjgw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62294?format=json","purl":"pkg:composer/moodle/moodle@2.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:composer/moodle/moodle@2.9.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2"}],"aliases":["CVE-2015-5268","GHSA-h34c-px28-rjgw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wg45-hemm-97am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43634?format=json","vulnerability_id":"VCID-x2qp-yggf-z7h7","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nCross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub 
URL.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091"},{"reference_url":"https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea"},{"reference_url":"https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94"},{"reference_url":"https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443"},{"reference_url":"https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=323230","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=323230"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5335","reference_id":"CVE-2015-5335","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5335"},{"reference_url":"https://github.com/advisories/GHSA-hpmv-wvq3-gj27","reference_id":"GHSA-hpmv-wvq3-gj27","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hpmv-wvq3-gj27"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52551?format=json","purl":"pkg:composer/moodle/moodle@2.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vu
lnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52553?format=json","purl":"pkg:composer/moodle/moodle@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3kq3-v2u1-fyhz"},{"vulnerability":"VCID-xmm4-zw49-3feh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3"}],"aliases":["CVE-2015-5335","GHSA-hpmv-wvq3-gj27"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x2qp-yggf-z7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38036?format=json","vulnerability_id":"VCID-xmm4-zw49-3feh","summary":"Information Exposure\nThe (1) `core_enrol_get_course_enrolment_methods` and (2) `enrol_self_get_instance_info` web services in Moodle do not consider the `moodle/course:viewhiddencourses` capability, which allows remote authenticated users to obtain sensitive information via a web-service 
request.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=326205","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=326205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0724","reference_id":"CVE-2016-0724","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52556?format=json","purl":"pkg:composer/moodle/moodle@2.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52557?format=json","purl":"pkg:composer/moodle/moodle@2.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52558?format=json","purl":"pkg:composer/moodle/moodle@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"}],"aliases":["CVE-2016-0724"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmm4-zw49-3feh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43769?format=json","vulnerability_id":"VCID-xy2y-yxfu-xfgm","summary":"Moodle allows 
attackers to delete files\nThe wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371"},{"reference_url":"https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/037e05e8b266bff4835f0d2eea33ef86fb71d585"},{"reference_url":"https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1d70050f33edb79b974de2509f18c943969589ea"},{"reference_url":"https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/40a154551fcdf0b9ea906f4d1313df29754f1fa1"},{"reference_url":"https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/78de2e86e8506222cf49b1cc6dc58467750ae83d"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=320289","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=320289"},{"reference_url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160323063809/http://www.securitytracker.com/id/1033619"},{"reference_url":"http://www
.openwall.com/lists/oss-security/2015/09/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/09/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5265","reference_id":"CVE-2015-5265","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5265"},{"reference_url":"https://github.com/advisories/GHSA-44xp-wj24-9xxj","reference_id":"GHSA-44xp-wj24-9xxj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-44xp-wj24-9xxj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62294?format=json","purl":"pkg:composer/moodle/moodle@2.8.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.8"},{"url":"http://public2.vulnerablecode.io/api/packages/62295?format=json","purl":"pkg:composer/moodle/moodle@2.9.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.2"}],"aliases":["CVE-2015-5265","GHSA-44xp-wj24-9xxj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xy2y-yxfu-xfgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43537?format=json","vulnerability_id":"VCID-y2vh-7r7h-9ugu","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nmod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax 
service.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/52555c36989b6704550ed0b3c6e832f5e7e150b7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/52555c36989b6704550ed0b3c6e832f5e7e150b7"},{"reference_url":"https://github.com/moodle/moodle/commit/da4c33f510aabc0d7443c29a7c097cfd54b6c4a4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/da4c33f510aabc0d7443c29a7c097cfd54b6c4a4"},{"reference_url":"https://github.com/moodle/moodle/commit/faf0cd9098517cd6274219b58f6f4a278d26455d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/faf0cd9098517cd6274219b58f6f4a278d26455d"},{"reference_url":"https://github.com/moodle/moodle/commit/fc6619d5c0bb297e6736880ff5353bb668048002","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/fc6619d5c0bb297e6736880ff5353bb668048002"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278611","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278611"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0211","reference_id":"CVE-2015-0211","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0211"},{"reference_url":"https://github.com/advisories/GHSA-frhc-9hwc-x7j3","reference_id":"GHSA-frhc-9hwc-x7j3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-frhc-9hwc-x7j3"}],"fixed_packages":[{"url":"http://public2.vu
lnerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0211","GHSA-frhc-9hwc-x7j3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y2vh-7r7h-9ugu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43439?format=json","vulnerability_id":"VCID-ym1r-ackg-4kc3","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\naccess.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034"},{"reference_url":"http://openwall.com/lists/oss-security/2015/01/19/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/01/19/1"},{"reference_url":"https://github.com/moodle/moodle/commit/b9c86823c70a1cba20bca1c4b5b032ee1559e22d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b9c86823c70a1cba20bca1c4b5b032ee1559e22d"},{"reference_url":"https://github.com/moodle/moodle/commit/c80603ddc4ba4e7d85ea2b79f644a4a041cee137","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c80603ddc4ba4e7d85ea2b79f644a4a041cee137"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=278616","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=278616"},{"reference_url":"https://nvd.nist.gov
/vuln/detail/CVE-2015-0216","reference_id":"CVE-2015-0216","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0216"},{"reference_url":"https://github.com/advisories/GHSA-2jcw-r79x-4r5v","reference_id":"GHSA-2jcw-r79x-4r5v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2jcw-r79x-4r5v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62171?format=json","purl":"pkg:composer/moodle/moodle@2.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2"}],"aliases":["CVE-2015-0216","GHSA-2jcw-r79x-4r5v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ym1r-ackg-4kc3"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0"}