Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.3.10:*:*:*:*:*:*:*

part: a version: 2.3.10 update: *

VendorMoodle (1f527b56-744d-5be6-b0f4-b691bd50b8c3)
ProductMoodle (221dc9da-2dde-53d2-a358-e0cb5ac858f7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/bitnami/moodle purl2cpe 2026-06-01 10:13:14.068249
pkg:github/moodle/moodle purl2cpe 2026-06-01 10:13:14.068251
pkg:rpm/fedora/moodle purl2cpe 2026-06-01 10:13:14.068252
pkg:rpm/opensuse/moodle purl2cpe 2026-06-01 10:13:14.068254

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2014-3617 vulnerable 2026-06-08 05:05:41.834611 Details available
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.
Published: 2014-09-15T14:00:00.000Z
Updated: 2024-08-06T10:50:17.677Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3553 vulnerable 2026-06-08 05:05:33.384412 Details available
mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:17.775Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3552 vulnerable 2026-06-08 05:05:33.383484 Details available
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.615Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3551 vulnerable 2026-06-08 05:05:33.382353 Details available
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.348Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3548 vulnerable 2026-06-08 05:05:33.380527 Details available
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.896Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3546 vulnerable 2026-06-08 05:05:33.379004 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3545 vulnerable 2026-06-08 05:05:33.378016 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3544 vulnerable 2026-06-08 05:05:33.376855 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3543 vulnerable 2026-06-08 05:05:33.375475 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3542 vulnerable 2026-06-08 05:05:33.374502 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3541 vulnerable 2026-06-08 05:05:33.371095 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2571 vulnerable 2026-06-08 05:05:29.223640 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0218 vulnerable 2026-06-08 05:05:12.240237 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0216 vulnerable 2026-06-08 05:05:12.238255 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0215 vulnerable 2026-06-08 05:05:12.236639 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0214 vulnerable 2026-06-08 05:05:12.234954 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0213 vulnerable 2026-06-08 05:05:12.224985 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0129 vulnerable 2026-06-08 05:05:11.708157 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0127 vulnerable 2026-06-08 05:05:11.625404 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0126 vulnerable 2026-06-08 05:05:11.623712 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0125 vulnerable 2026-06-08 05:05:11.622185 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0124 vulnerable 2026-06-08 05:05:11.620643 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0123 vulnerable 2026-06-08 05:05:11.619077 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0122 vulnerable 2026-06-08 05:05:11.617508 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0010 vulnerable 2026-06-08 05:05:10.553619 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0009 vulnerable 2026-06-08 05:05:10.541949 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0008 vulnerable 2026-06-08 05:05:10.540398 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-7341 vulnerable 2026-06-08 05:05:09.993465 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.