Eloy Lafuente

#15836of 53,635
17Total CVSS
Vulnerabilities · 4
Low
1
Medium
3
PT-2019-6742
4.0
2019-11-14
Moodle · Moodle · CVE-2012-1160
**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.2.2 **Description** The issue concerns a permission problem in Forum Subscriptions. Unenrolled users can subscribe or unsubscribe through the mod/forum/index.php endpoint, specifically the `mod/forum/index.php` API endpoint. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue.
PT-2015-1577
3.5
2015-05-18
Moodle · Moodle · CVE-2015-3178
**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.5.10 Moodle versions 2.6.x through 2.6.10 Moodle versions 2.7.x through 2.7.7 Moodle versions 2.8.x through 2.8.5 **Description** A cross-site scripting (XSS) issue exists due to insufficient protection of the web page structure. This allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. **Recommendations** For versions prior to 2.5.10, update to version 2.5.10 or later. For versions 2.6.x through 2.6.10, update to version 2.6.11 or later. For versions 2.7.x through 2.7.7, update to version 2.7.8 or later. For versions 2.8.x through 2.8.5, update to version 2.8.6 or later.
PT-2014-4785
4.0
2014-03-22
Moodle · Moodle · CVE-2014-2572
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.6.0 through 2.6.1 **Description** The issue is related to the handling of assignment web-service parameters in the mod/assign/externallib.php file. This might allow remote authenticated users to modify grade metadata. **Recommendations** For Moodle versions 2.6.0 through 2.6.1, update to version 2.6.2 or later to resolve the issue.
PT-2012-2874
5.5
2012-07-17
Moodle · Moodle · CVE-2012-0797
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.0.x through 2.0.6 Moodle versions 2.1.x through 2.1.3 Moodle versions 2.2.x through 2.2.0 **Description** The issue allows remote authenticated users to bypass the deleted status and continue using a server via a token, specifically affecting the webservices functionality. **Recommendations** For Moodle versions 2.0.x through 2.0.6, update to version 2.0.7 or later. For Moodle versions 2.1.x through 2.1.3, update to version 2.1.4 or later. For Moodle versions 2.2.x through 2.2.0, update to version 2.2.1 or later.