Search for packages
| purl | pkg:composer/moodle/moodle@1.9.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1p7p-yyy8-9ugd
Aliases: CVE-2013-1834 GHSA-prrh-679x-79qh |
Moodle allows remote authenticated users to reassign notes notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. |
Affected by 0 other vulnerabilities. Affected by 220 other vulnerabilities. Affected by 223 other vulnerabilities. |
|
VCID-2ez9-qhs4-rfgc
Aliases: CVE-2010-1618 GHSA-45ch-hxgr-vx8j |
phpCAS client library and Moodle Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. |
Affected by 0 other vulnerabilities. |
|
VCID-3eq5-fe6b-zbbd
Aliases: CVE-2010-1616 GHSA-966m-m549-2878 |
Moodle is vulnerable to unauthorized new accounts creation Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. |
Affected by 0 other vulnerabilities. |
|
VCID-5kxb-cjhz-fqc7
Aliases: CVE-2011-4286 GHSA-86v9-gqh9-8268 |
Moodle vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-6he7-yx9n-83c9
Aliases: CVE-2010-2230 GHSA-3gm8-32vv-q8mp |
Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input. |
Affected by 0 other vulnerabilities. |
|
VCID-k7c7-e45x-3yg4
Aliases: CVE-2010-1619 GHSA-hhxf-w8hj-43w6 |
Moodle vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities. |
Affected by 0 other vulnerabilities. |
|
VCID-m5as-6axp-b3g5
Aliases: CVE-2010-1617 GHSA-q53j-c866-h9mw |
Moodle doesn't properly check role user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. |
Affected by 0 other vulnerabilities. |
|
VCID-px25-bftd-akac
Aliases: CVE-2011-4283 GHSA-m3xp-4hf3-qfpp |
Moodle allows remote attackers to obtain sensitive information Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-tzjp-f9vc-nqe3
Aliases: CVE-2010-1614 GHSA-5fgv-cvr8-xg48 |
Moodle vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. |
Affected by 0 other vulnerabilities. |
|
VCID-veb6-9f8w-jbd4
Aliases: CVE-2008-5153 GHSA-x7r4-26m9-hmgq |
Affected by 0 other vulnerabilities. |
|
|
VCID-x1xw-7ked-hfgf
Aliases: CVE-2010-1615 GHSA-9xp2-5fr9-7mwm |
Moodle vulnerable to SQL injection Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. |
Affected by 0 other vulnerabilities. |
|
VCID-yrg3-h8dt-nffv
Aliases: CVE-2011-4133 GHSA-7cvw-wrj9-q5fp |
Moodle vulnerable to Cross-Site Request Forgery Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||