Tim Hunt

#11623de 53,630
23.6CVSS total
Vulnerabilidades · 6
Baixa
2
Média
4
PT-2022-8587
4.3
2020-03-10
Moodle · Moodle · CVE-2020-1754
**Nome do software vulnerável e versões afetadas** Versões do Moodle anteriores à 3.8.2 Versões do Moodle anteriores à 3.7.5 Versões do Moodle anteriores à 3.6.9 Versões do Moodle anteriores à 3.5.11 **Descrição** A vulnerabilidade permite que os usuários visualizem o relatório do histórico de notas sem as restrições adequadas. Especificamente, usuários sem a permissão “acessar todos os grupos” podiam visualizar as notas de usuários fora de seus próprios grupos. **Recomendações** Para versões anteriores à 3.8.2, atualize para a versão 3.8.2 ou posterior. Para versões anteriores à 3.7.5, atualize para a versão 3.7.5 ou posterior. Para versões anteriores à 3.6.9, atualize para a versão 3.6.9 ou posterior. Para versões anteriores à 3.5.11, atualize para a versão 3.5.11 ou posterior.
PT-2017-8416
4.3
2017-04-20
Moodle · Moodle · CVE-2016-3732
**Name of the Vulnerable Software and Affected Versions** Moodle versions 3.0 through 3.0.3 Moodle versions 2.9 through 2.9.5 Moodle versions 2.8 through 2.8.11 Moodle versions 2.7 through 2.7.13 Moodle versions prior to 2.7 **Description** The issue allows remote authenticated users to read the badges of other users due to a capability check flaw in accessing other badges. **Recommendations** For Moodle versions 3.0 through 3.0.3, update to a version outside of this range to resolve the issue. For Moodle versions 2.9 through 2.9.5, update to a version outside of this range to resolve the issue. For Moodle versions 2.8 through 2.8.11, update to a version outside of this range to resolve the issue. For Moodle versions 2.7 through 2.7.13, update to a version outside of this range to resolve the issue. For Moodle versions prior to 2.7, update to a version outside of this range to resolve the issue.
PT-2015-1618
3.5
2015-03-18
Moodle · Moodle · CVE-2015-2273
**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.5.10 Moodle versions 2.6.x through 2.6.8 Moodle versions 2.7.x through 2.7.5 Moodle versions 2.8.x through 2.8.3 **Description** A cross-site scripting (XSS) issue exists due to insufficient protection of the web page structure. This allows a remote attacker to inject arbitrary web script or HTML by manipulating input data, potentially leveraging the student role for a crafted quiz response. **Recommendations** For versions prior to 2.5.10, update to version 2.5.10 or later. For versions 2.6.x through 2.6.8, update to version 2.6.9 or later. For versions 2.7.x through 2.7.5, update to version 2.7.6 or later. For versions 2.8.x through 2.8.3, update to version 2.8.4 or later.
PT-2014-4784
3.5
2014-03-22
Moodle · Moodle · CVE-2014-2571
**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.3.11 Moodle versions 2.4.x before 2.4.9 Moodle versions 2.5.x before 2.5.5 Moodle versions 2.6.x before 2.6.2 **Description** A cross-site scripting (XSS) issue exists in the quiz question tostring function in mod/quiz/editlib.php, allowing remote authenticated users to inject arbitrary web script or HTML via a quiz question. **Recommendations** For Moodle versions prior to 2.3.11, update to version 2.3.11 or later. For Moodle versions 2.4.x before 2.4.9, update to version 2.4.9 or later. For Moodle versions 2.5.x before 2.5.5, update to version 2.5.5 or later. For Moodle versions 2.6.x before 2.6.2, update to version 2.6.2 or later.
PT-2012-3976
4.0
2012-07-21
Moodle · Moodle · CVE-2012-2355
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.1.x through 2.1.5 Moodle versions 2.2.x through 2.2.2 **Description** The issue allows remote authenticated users to bypass capability requirements and add arbitrary questions to a quiz via the questions feature. **Recommendations** For Moodle versions 2.1.x through 2.1.5, update to version 2.1.6 or later. For Moodle versions 2.2.x through 2.2.2, update to version 2.2.3 or later.
PT-2012-3977
4.0
2012-07-21
Moodle · Moodle · CVE-2012-2356
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.1.x through 2.1.5 Moodle versions 2.2.x through 2.2.2 **Description** The issue allows remote authenticated users to bypass intended capability requirements and save questions. This is achieved via a `save question` action in the question-bank functionality. **Recommendations** For Moodle versions 2.1.x through 2.1.5, update to version 2.1.6 or later. For Moodle versions 2.2.x through 2.2.2, update to version 2.2.3 or later.