{"url":"http://public2.vulnerablecode.io/api/packages/54109?format=json","purl":"pkg:composer/moodle/moodle@3.2.6","type":"composer","namespace":"moodle","name":"moodle","version":"3.2.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.9","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39322?format=json","vulnerability_id":"VCID-ajkr-fxa1-mkhk","summary":"Cross-site Scripting\nMoodle is vulnerable to XSS via a calendar event name.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364384","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364384"},{"reference_url":"http://www.securityfocus.com/bid/102755","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102755"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1045","reference_id":"CVE-2018-1045","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1045"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"}],"aliases":["CVE-2018-1045"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39325?format=json","vulnerability_id":"VCID-duna-st9c-mqbk","summary":"Information Exposure\nIn Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364383","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364383"},{"reference_url":"http://www.securityfocus.com/bid/102754","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1044","reference_id":"CVE-2018-1044","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1044"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1044"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39328?format=json","vulnerability_id":"VCID-nc2j-pay7-ryab","summary":"Insufficient Access Control\nThe setting for blocked hosts list can be bypassed with multiple A record `hostnames`.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364382","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364382"},{"reference_url":"http://www.securityfocus.com/bid/102769","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102769"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1043","reference_id":"CVE-2018-1043","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1043"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1043"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39329?format=json","vulnerability_id":"VCID-yghg-775s-vber","summary":"Server-Side Request Forgery (SSRF)\nMoodle has Server Side Request Forgery in the `filepicker`.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364381","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364381"},{"reference_url":"http://www.securityfocus.com/bid/102752","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102752"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1042","reference_id":"CVE-2018-1042","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1042"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1042"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39173?format=json","vulnerability_id":"VCID-83kb-4mk9-t7ge","summary":"Information Exposure\nStudents can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=361784","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=361784"},{"reference_url":"http://www.securityfocus.com/bid/101909","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101909"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15110","reference_id":"CVE-2017-15110","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15110"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54108?format=json","purl":"pkg:composer/moodle/moodle@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/54109?format=json","purl":"pkg:composer/moodle/moodle@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54110?format=json","purl":"pkg:composer/moodle/moodle@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3"}],"aliases":["CVE-2017-15110"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=json","vulnerability_id":"VCID-zgzm-wj81-jkah","summary":"Cross-site Scripting\nMoodle has an XSS in the contact form on the \"non-respondents\" page in non-anonymous feedback.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=358585","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=358585"},{"reference_url":"http://www.securityfocus.com/bid/100867","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100867"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12156","reference_id":"CVE-2017-12156","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-12156"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54108?format=json","purl":"pkg:composer/moodle/moodle@3.1.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/54109?format=json","purl":"pkg:composer/moodle/moodle@3.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54110?format=json","purl":"pkg:composer/moodle/moodle@3.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ajkr-fxa1-mkhk"},{"vulnerability":"VCID-duna-st9c-mqbk"},{"vulnerability":"VCID-nc2j-pay7-ryab"},{"vulnerability":"VCID-yghg-775s-vber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3"}],"aliases":["CVE-2017-12156"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6"}