{"url":"http://public2.vulnerablecode.io/api/packages/54105?format=json","purl":"pkg:composer/moodle/moodle@3.0.10","type":"composer","namespace":"moodle","name":"moodle","version":"3.0.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.5","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39173?format=json","vulnerability_id":"VCID-83kb-4mk9-t7ge","summary":"Information Exposure\nStudents can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=361784","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=361784"},{"reference_url":"http://www.securityfocus.com/bid/101909","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101909"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15110","reference_id":"CVE-2017-15110","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15110"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54108?format=json","purl":"pkg:composer/moodle/moodle@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/54109?format=json","purl":"pkg:composer/moodle/moodle@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"v
ulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54110?format=json","purl":"pkg:composer/moodle/moodle@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3"}],"aliases":["CVE-2017-15110"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38851?format=json","vulnerability_id":"VCID-9nd7-4wve-97hc","summary":"Information Exposure\nVarious course reports allow teachers to view details about users in the groups they cannot access.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=358586","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=358586"},{"reference_url":"http://www.securityfocus.com/bid/100848","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100848"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12157","reference_id":"CVE-2017-12157","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12157"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54106?format=json","purl":"pkg:composer/moodle/moodle@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/54107?format=json","purl":"pkg:composer/moodle/moodle@3.2.5
","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53785?format=json","purl":"pkg:composer/moodle/moodle@3.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-83kb-4mk9-t7ge"},{"vulnerability":"VCID-zgzm-wj81-jkah"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2"}],"aliases":["CVE-2017-12157"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40471?format=json","vulnerability_id":"VCID-bjnq-q2nd-1khp","summary":"Cross-Site Request Forgery (CSRF)\nThe login form is not protected by a token to prevent login cross-site request forgery.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=378731","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=378731"},{"reference_url":"http://www.securityfocus.com/bid/106017","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106017"},{"reference_url":"http://www.securitytracker.com/id/1042154","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1042154"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-
2018-16854","reference_id":"CVE-2018-16854","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57083?format=json","purl":"pkg:composer/moodle/moodle@3.1.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-336n-hpzg-euhd"},{"vulnerability":"VCID-9t4u-n1pn-w3bd"},{"vulnerability":"VCID-k73h-z6j8-gkgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.15"},{"url":"http://public2.vulnerablecode.io/api/packages/57084?format=json","purl":"pkg:composer/moodle/moodle@3.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/57085?format=json","purl":"pkg:composer/moodle/moodle@3.4.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-336n-hpzg-euhd"},{"vulnerability":"VCID-k73h-z6j8-gkgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.6"},{"url":"http://public2.vulnerablecode.io/api/packages/57086?format=json","purl":"pkg:composer/moodle/moodle@3.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-336n-hpzg-euhd"},{"vulnerability":"VCID-k73h-z6j8-gkgz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.3"}],"aliases":["CVE-2018-16854"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjnq-q2nd-1khp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40834?format=json","vulnerability_id":"VCID-k73h-z6j8-gkgz","summary":"Information Exposure\nThe `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. 
Note this page is not linked to by default and its access is restricted.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=381230#p1536767","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=381230#p1536767"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3810","reference_id":"CVE-2019-3810","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3810"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57634?format=json","purl":"pkg:composer/moodle/moodle@3.1.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16"},{"url":"http://public2.vulnerablecode.io/api/packages/57641?format=json","purl":"pkg:composer/moodle/moodle@3.4.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7"},{"url":"http://public2.vulnerablecode.io/api/packages/57642?format=json","purl":"pkg:composer/moodle/moodle@3.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/57643?format=json","purl":"pkg:composer/moodle/moodle@3.6.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2"}],"aliases":["CVE-2019-3810"],"risk
_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39536?format=json","vulnerability_id":"VCID-m4zv-e3dn-budf","summary":"Improper Access Control\nUnauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=367938","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=367938"},{"reference_url":"http://www.securityfocus.com/bid/103728","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103728"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1081","reference_id":"CVE-2018-1081","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55318?format=json","purl":"pkg:composer/moodle/moodle@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55319?format=json","purl":"pkg:composer/moodle/moodle@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.
2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/55320?format=json","purl":"pkg:composer/moodle/moodle@3.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/55321?format=json","purl":"pkg:composer/moodle/moodle@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2"}],"aliases":["CVE-2018-1081"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40246?format=json","vulnerability_id":"VCID-vfp6-4h8n-bkax","summary":"Code Injection\nIn Moodle, an XML import of ddwtos questions could lead to intentional remote code execution. 
When importing legacy `drag and drop into text` (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=376023","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=376023"},{"reference_url":"http://www.securityfocus.com/bid/105354","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/105354"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14630","reference_id":"CVE-2018-14630","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14630"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56464?format=json","purl":"pkg:composer/moodle/moodle@3.1.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.14"},{"url":"http://public2.vulnerablecode.io/api/packages/56461?format=json","purl":"pkg:composer/moodle/moodle@3.3.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.8"},{"url":"http://public2.vulnerablecode.io/api/packages/56462?format=json","purl":"pkg:composer/moodle/moodle@3.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle
@3.4.5"},{"url":"http://public2.vulnerablecode.io/api/packages/56463?format=json","purl":"pkg:composer/moodle/moodle@3.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.2"}],"aliases":["CVE-2018-14630"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfp6-4h8n-bkax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=json","vulnerability_id":"VCID-zgzm-wj81-jkah","summary":"Cross-site Scripting\nMoodle has an XSS in the contact form on the \"non-respondents\" page in non-anonymous feedback.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=358585","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=358585"},{"reference_url":"http://www.securityfocus.com/bid/100867","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100867"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12156","reference_id":"CVE-2017-12156","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54108?format=json","purl":"pkg:composer/moodle/moodle@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/54109?format=json","purl":"pkg:composer/moodle/moodle@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://publi
c2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54110?format=json","purl":"pkg:composer/moodle/moodle@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3"}],"aliases":["CVE-2017-12156"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.10"}