{"url":"http://public2.vulnerablecode.io/api/packages/62469?format=json","purl":"pkg:composer/moodle/moodle@2.9.1","type":"composer","namespace":"moodle","name":"moodle","version":"2.9.1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.9.2","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43529?format=json","vulnerability_id":"VCID-37j1-ym2f-1fbc","summary":"Moodle open redirect vulnerability\nOpen redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688"},{"reference_url":"http://openwall.com/lists/oss-security/2015/07/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/07/13/2"},{"reference_url":"https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2"},{"reference_url":"https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5"},{"reference_url":"https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f"},{"reference_url":"https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=316662","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=316662"},{"reference_url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3272","reference_id":"CVE-2015-3272","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3272"},{"reference_url":"https://github.com/advisories/GHSA-2hw2-h3mf-c2j9","reference_id":"GHSA-2hw2-h3mf-c2j9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2hw2-h3mf-c2j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62467?format=json","purl":"pkg:composer/moodle/moodle@2.7.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/62468?format=json","purl":"pkg:composer/moodle/moodle@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62469?format=json","purl":"pkg:composer/moodle/moodle@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1"}],"aliases":["CVE-2015-3272","GHSA-2hw2-h3mf-c2j9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37j1-ym2f-1fbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43703?format=json","vulnerability_id":"VCID-emu7-jhv2-zqb8","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130"},{"reference_url":"http://openwall.com/lists/oss-security/2015/07/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/07/13/2"},{"reference_url":"https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8"},{"reference_url":"https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36"},{"reference_url":"https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b"},{"reference_url":"https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=316664","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=316664"},{"reference_url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3274","reference_id":"CVE-2015-3274","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3274"},{"reference_url":"https://github.com/advisories/GHSA-f7qm-q26p-6rr2","reference_id":"GHSA-f7qm-q26p-6rr2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f7qm-q26p-6rr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62467?format=json","purl":"pkg:composer/moodle/moodle@2.7.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/62468?format=json","purl":"pkg:composer/moodle/moodle@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62469?format=json","purl":"pkg:composer/moodle/moodle@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1"}],"aliases":["CVE-2015-3274","GHSA-f7qm-q26p-6rr2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emu7-jhv2-zqb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43743?format=json","vulnerability_id":"VCID-v6ha-ekxw-7bfr","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614"},{"reference_url":"http://openwall.com/lists/oss-security/2015/07/13/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2015/07/13/2"},{"reference_url":"https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e"},{"reference_url":"https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8"},{"reference_url":"https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e"},{"reference_url":"https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=316665","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=316665"},{"reference_url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3275","reference_id":"CVE-2015-3275","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3275"},{"reference_url":"https://github.com/advisories/GHSA-6922-5v25-p8jg","reference_id":"GHSA-6922-5v25-p8jg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6922-5v25-p8jg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62467?format=json","purl":"pkg:composer/moodle/moodle@2.7.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9"},{"url":"http://public2.vulnerablecode.io/api/packages/62468?format=json","purl":"pkg:composer/moodle/moodle@2.8.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62469?format=json","purl":"pkg:composer/moodle/moodle@2.9.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1"}],"aliases":["CVE-2015-3275","GHSA-6922-5v25-p8jg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ha-ekxw-7bfr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1"}