{"url":"http://public2.vulnerablecode.io/api/packages/53785?format=json","purl":"pkg:composer/moodle/moodle@3.3.2","type":"composer","namespace":"moodle","name":"moodle","version":"3.3.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.3.6","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39173?format=json","vulnerability_id":"VCID-83kb-4mk9-t7ge","summary":"Information Exposure\nStudents can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=361784","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=361784"},{"reference_url":"http://www.securityfocus.com/bid/101909","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101909"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15110","reference_id":"CVE-2017-15110","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15110"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54110?format=json","purl":"pkg:composer/moodle/moodle@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3"}],"aliases":["CVE-2017-15110"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=json","vulnerability_id":"VCID-zgzm-wj81-jkah","summary":"Cross-site Scripting\nMoodle has an XSS in the contact form on the \"non-respondents\" page in non-anonymous feedback.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=358585","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=358585"},{"reference_url":"http://www.securityfocus.com/bid/100867","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100867"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12156","reference_id":"CVE-2017-12156","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54110?format=json","purl":"pkg:composer/moodle/moodle@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3"}],"aliases":["CVE-2017-12156"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38851?format=json","vulnerability_id":"VCID-9nd7-4wve-97hc","summary":"Information Exposure\nVarious course reports allow teachers to view details about users in the groups they cannot access.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=358586","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=358586"},{"reference_url":"http://www.securityfocus.com/bid/100848","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100848"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12157","reference_id":"CVE-2017-12157","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12157"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54106?format=json","purl":"pkg:composer/moodle/moodle@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/54107?format=json","purl":"pkg:composer/moodle/moodle@3.2.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53785?format=json","purl":"pkg:composer/moodle/moodle@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2"}],"aliases":["CVE-2017-12157"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38688?format=json","vulnerability_id":"VCID-q2fa-jymp-c3bb","summary":"Information Exposure\nMoodle has a user fullname disclosure through the user preferences page.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=355554","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=355554"},{"reference_url":"http://www.securityfocus.com/bid/99606","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99606"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2642","reference_id":"CVE-2017-2642","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2642"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53783?format=json","purl":"pkg:composer/moodle/moodle@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9nd7-4wve-97hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53784?format=json","purl":"pkg:composer/moodle/moodle@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9nd7-4wve-97hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53785?format=json","purl":"pkg:composer/moodle/moodle@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2"}],"aliases":["CVE-2017-2642"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2fa-jymp-c3bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38681?format=json","vulnerability_id":"VCID-yp82-zj5g-pbaf","summary":"Improper Privilege Management\nCourse creators are able to change system default settings for courses.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=355556","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=355556"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7532","reference_id":"CVE-2017-7532","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7532"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53783?format=json","purl":"pkg:composer/moodle/moodle@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9nd7-4wve-97hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53784?format=json","purl":"pkg:composer/moodle/moodle@3.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9nd7-4wve-97hc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53785?format=json","purl":"pkg:composer/moodle/moodle@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2"}],"aliases":["CVE-2017-7532"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yp82-zj5g-pbaf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2"}