{"url":"http://public2.vulnerablecode.io/api/packages/52558?format=json","purl":"pkg:composer/moodle/moodle@3.0.2","type":"composer","namespace":"moodle","name":"moodle","version":"3.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.9","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38122?format=json","vulnerability_id":"VCID-37pj-u3gh-n7fd","summary":"Insertion of Sensitive Information into Log File\nMoodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330181","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330181"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2190","reference_id":"CVE-2016-2190","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37pj-u3gh-n7fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38123?format=json","vulnerability_id":"VCID-an53-nu91-k3d7","summary":"Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in `auth/db/auth.php` in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330174","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2152","reference_id":"CVE-2016-2152","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-an53-nu91-k3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38125?format=json","vulnerability_id":"VCID-eaqp-7abt-6kg9","summary":"Improper Access Control\nThe `save_submission` function in `mod/assign/externallib.php` in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330182","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2159","reference_id":"CVE-2016-2159","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2159"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2159"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqp-7abt-6kg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38124?format=json","vulnerability_id":"VCID-k6pw-51st-b3d2","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `advanced-search` feature in `mod_data` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330175","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2153","reference_id":"CVE-2016-2153","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2153"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2153"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6pw-51st-b3d2"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38035?format=json","vulnerability_id":"VCID-3kq3-v2u1-fyhz","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `search_pagination` function in `course/classes/management_renderer.php` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted search string.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=326206","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=326206"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0725","reference_id":"CVE-2016-0725","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0725"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52556?format=json","purl":"pkg:composer/moodle/moodle@2.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52557?format=json","purl":"pkg:composer/moodle/moodle@2.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52558?format=json","purl":"pkg:composer/moodle/moodle@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"}],"aliases":["CVE-2016-0725"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kq3-v2u1-fyhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38036?format=json","vulnerability_id":"VCID-xmm4-zw49-3feh","summary":"Information Exposure\nThe (1) `core_enrol_get_course_enrolment_methods` and (2) `enrol_self_get_instance_info` web services in Moodle do not consider the `moodle/course:viewhiddencourses` capability, which allows remote authenticated users to obtain sensitive information via a web-service request.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=326205","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=326205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0724","reference_id":"CVE-2016-0724","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0724"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52562?format=json","purl":"pkg:composer/moodle/moodle@2.7.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.12"},{"url":"http://public2.vulnerablecode.io/api/packages/52556?format=json","purl":"pkg:composer/moodle/moodle@2.8.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10"},{"url":"http://public2.vulnerablecode.io/api/packages/52557?format=json","purl":"pkg:composer/moodle/moodle@2.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4"},{"url":"http://public2.vulnerablecode.io/api/packages/52558?format=json","purl":"pkg:composer/moodle/moodle@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37pj-u3gh-n7fd"},{"vulnerability":"VCID-an53-nu91-k3d7"},{"vulnerability":"VCID-eaqp-7abt-6kg9"},{"vulnerability":"VCID-k6pw-51st-b3d2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"}],"aliases":["CVE-2016-0724"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xmm4-zw49-3feh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"}