{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","type":"composer","namespace":"moodle","name":"moodle","version":"2.6.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.6.6","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43548?format=json","vulnerability_id":"VCID-1ehh-qz6c-ykhp","summary":"Moodle allows attackers to obtain username and course information\nMoodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/2ca9e09dab3ff374e1026780b23c63751f4ee312","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/2ca9e09dab3ff374e1026780b23c63751f4ee312"},{"reference_url":"https://github.com/moodle/moodle/commit/74556525de9617c593c3e08269d6d541c6576c90","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/74556525de9617c593c3e08269d6d541c6576c90"},{"reference_url":"https://github.com/moodle/moodle/commit/8f7d596058a18c60b795b4677b59cf074c56de39","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8f7d596058a18c60b795b4677b59cf074c56de39"},{"reference_url":"https://github.com/moodle/moodle/commit/9dbf62d23017a91fcbf63bba7f2eb4835f77b8c9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9dbf62d23017a91fcbf63bba7f2eb4835f77b8c9"},{"reference_url":"https://github.com/moodle/moodle/commit/dc97145785b9ae192168659c65309bca61a58151","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/dc97145785b9ae192168659c65309bca61a58151"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264267","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264267"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3546","reference_id":"CVE-2014-3546","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3546"},{"reference_url":"https://github.com/advisories/GHSA-4c5g-w3gf-rf4f","reference_id":"GHSA-4c5g-w3gf-rf4f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4c5g-w3gf-rf4f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3546","GHSA-4c5g-w3gf-rf4f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ehh-qz6c-ykhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43321?format=json","vulnerability_id":"VCID-czph-uxwr-5uge","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88"},{"reference_url":"https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7"},{"reference_url":"https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987"},{"reference_url":"https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264269","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264269"},{"reference_url":"http://www.securityfocus.com/bid/68758","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68758"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3547","reference_id":"CVE-2014-3547","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3547"},{"reference_url":"https://github.com/advisories/GHSA-hwjv-mc78-cccj","reference_id":"GHSA-hwjv-mc78-cccj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hwjv-mc78-cccj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3547","GHSA-hwjv-mc78-cccj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-czph-uxwr-5uge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43463?format=json","vulnerability_id":"VCID-ea5s-xphb-6ub7","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nmod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/78ed99ec7e5e75b283e844adb058140d6ba0ff14","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/78ed99ec7e5e75b283e844adb058140d6ba0ff14"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264263","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264263"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3542","reference_id":"CVE-2014-3542","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3542"},{"reference_url":"https://github.com/advisories/GHSA-xmwv-mqh8-4xgw","reference_id":"GHSA-xmwv-mqh8-4xgw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xmwv-mqh8-4xgw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3542","GHSA-xmwv-mqh8-4xgw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ea5s-xphb-6ub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43392?format=json","vulnerability_id":"VCID-h8xn-n98n-qqdv","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nmod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/595ef4772d330a20c757635ab090acdcc9b2a2fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/595ef4772d330a20c757635ab090acdcc9b2a2fa"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commit;h=595ef4772d330a20c757635ab090acdcc9b2a2fa","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commit;h=595ef4772d330a20c757635ab090acdcc9b2a2fa"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264264","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264264"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3543","reference_id":"CVE-2014-3543","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3543"},{"reference_url":"https://github.com/advisories/GHSA-27j2-c838-c3qg","reference_id":"GHSA-27j2-c838-c3qg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-27j2-c838-c3qg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3543","GHSA-27j2-c838-c3qg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8xn-n98n-qqdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43779?format=json","vulnerability_id":"VCID-qxyw-7hnt-hqd6","summary":"Improper Control of Generation of Code ('Code Injection')\nMoodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/blob/1474f74687dda57c7d011b92d16f25b9870d2799/question/type/calculated/question.php#L426","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/blob/1474f74687dda57c7d011b92d16f25b9870d2799/question/type/calculated/question.php#L426"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264266","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264266"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3545","reference_id":"CVE-2014-3545","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3545"},{"reference_url":"https://github.com/advisories/GHSA-3m99-h3hp-w9j7","reference_id":"GHSA-3m99-h3hp-w9j7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3m99-h3hp-w9j7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3545","GHSA-3m99-h3hp-w9j7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxyw-7hnt-hqd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43446?format=json","vulnerability_id":"VCID-r88h-mteg-yka9","summary":"Improper Control of Generation of Code ('Code Injection')\nThe Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d"},{"reference_url":"https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894"},{"reference_url":"https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c"},{"reference_url":"https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2"},{"reference_url":"https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844"},{"reference_url":"https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc"},{"reference_url":"https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42"},{"reference_url":"https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91"},{"reference_url":"https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264262","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264262"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3541","reference_id":"CVE-2014-3541","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3541"},{"reference_url":"https://github.com/advisories/GHSA-fccf-p8fx-vjj4","reference_id":"GHSA-fccf-p8fx-vjj4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fccf-p8fx-vjj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3541","GHSA-fccf-p8fx-vjj4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r88h-mteg-yka9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43448?format=json","vulnerability_id":"VCID-s5cy-eva4-wbaf","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb"},{"reference_url":"https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947"},{"reference_url":"https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e"},{"reference_url":"https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f"},{"reference_url":"https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865"},{"reference_url":"https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853"},{"reference_url":"https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654"},{"reference_url":"https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789"},{"reference_url":"https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae"},{"reference_url":"https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14"},{"reference_url":"https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9"},{"reference_url":"https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2"},{"reference_url":"https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512"},{"reference_url":"https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264"},{"reference_url":"https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085"},{"reference_url":"https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e"},{"reference_url":"https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264273","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264273"},{"reference_url":"https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3551","reference_id":"CVE-2014-3551","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3551"},{"reference_url":"https://github.com/advisories/GHSA-m8f5-9wg8-2c3h","reference_id":"GHSA-m8f5-9wg8-2c3h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m8f5-9wg8-2c3h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3551","GHSA-m8f5-9wg8-2c3h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5cy-eva4-wbaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43506?format=json","vulnerability_id":"VCID-ucg8-htfc-2bhn","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/","reference_id":"","reference_type":"","scores":[],"url":"http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/"},{"reference_url":"http://osvdb.org/show/osvdb/109337","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/show/osvdb/109337"},{"reference_url":"http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html"},{"reference_url":"https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9"},{"reference_url":"https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9"},{"reference_url":"https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d"},{"reference_url":"https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264265","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264265"},{"reference_url":"http://www.exploit-db.com/exploits/34169","reference_id":"","reference_type":"","scores":[],"url":"http://www.exploit-db.com/exploits/34169"},{"reference_url":"http://www.securityfocus.com/bid/68756","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68756"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3544","reference_id":"CVE-2014-3544","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3544"},{"reference_url":"https://github.com/advisories/GHSA-c9jp-244j-vh78","reference_id":"GHSA-c9jp-244j-vh78","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c9jp-244j-vh78"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3544","GHSA-c9jp-244j-vh78"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ucg8-htfc-2bhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43628?format=json","vulnerability_id":"VCID-v4qm-48kk-pfaz","summary":"Moodle does not enforce the moodle/site:accessallgroups capability requirement\nmod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/5c74e0daca748ffbbbf17a410abd8c85335b2116","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5c74e0daca748ffbbbf17a410abd8c85335b2116"},{"reference_url":"https://github.com/moodle/moodle/commit/91c8d4da71a6706c70071f9182e8ae6110c86d70","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/91c8d4da71a6706c70071f9182e8ae6110c86d70"},{"reference_url":"https://github.com/moodle/moodle/commit/e3fd900dcda7b603d7e0749008abd0d01290bbc3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e3fd900dcda7b603d7e0749008abd0d01290bbc3"},{"reference_url":"https://github.com/moodle/moodle/commit/f2946a5419a94f19cb3490a249fe0bb50161f254","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f2946a5419a94f19cb3490a249fe0bb50161f254"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264268","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3553","reference_id":"CVE-2014-3553","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3553"},{"reference_url":"https://github.com/advisories/GHSA-mg69-5q59-8jcg","reference_id":"GHSA-mg69-5q59-8jcg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mg69-5q59-8jcg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3553","GHSA-mg69-5q59-8jcg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v4qm-48kk-pfaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43785?format=json","vulnerability_id":"VCID-vs2j-b4qg-nbgu","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471"},{"reference_url":"http://openwall.com/lists/oss-security/2014/07/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2014/07/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a"},{"reference_url":"https://github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288"},{"reference_url":"https://github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe"},{"reference_url":"https://github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=264270","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=264270"},{"reference_url":"https://web.archive.org/web/20200228161543/http://www.securityfocus.com/bid/68766","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228161543/http://www.securityfocus.com/bid/68766"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3548","reference_id":"CVE-2014-3548","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3548"},{"reference_url":"https://github.com/advisories/GHSA-f66h-6mj2-rwj2","reference_id":"GHSA-f66h-6mj2-rwj2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f66h-6mj2-rwj2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62209?format=json","purl":"pkg:composer/moodle/moodle@2.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/62059?format=json","purl":"pkg:composer/moodle/moodle@2.5.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62060?format=json","purl":"pkg:composer/moodle/moodle@2.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62061?format=json","purl":"pkg:composer/moodle/moodle@2.7.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1"}],"aliases":["CVE-2014-3548","GHSA-f66h-6mj2-rwj2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vs2j-b4qg-nbgu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4"}