Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:*

part: a version: 2.4.7 update: *

VendorMoodle (1f527b56-744d-5be6-b0f4-b691bd50b8c3)
ProductMoodle (221dc9da-2dde-53d2-a358-e0cb5ac858f7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:docker/bitnami/moodle purl2cpe 2026-06-01 10:13:14.068361
pkg:github/moodle/moodle purl2cpe 2026-06-01 10:13:14.068362
pkg:rpm/fedora/moodle purl2cpe 2026-06-01 10:13:14.068364
pkg:rpm/opensuse/moodle purl2cpe 2026-06-01 10:13:14.068365

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2014-3617 vulnerable 2026-06-08 05:05:41.840733 Details available
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.
Published: 2014-09-15T14:00:00.000Z
Updated: 2024-08-06T10:50:17.677Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3553 vulnerable 2026-06-08 05:05:33.384544 Details available
mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:17.775Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3552 vulnerable 2026-06-08 05:05:33.383179 Details available
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.615Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3551 vulnerable 2026-06-08 05:05:33.382560 Details available
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.348Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3548 vulnerable 2026-06-08 05:05:33.380657 Details available
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
Published: 2014-07-29T10:00:00.000Z
Updated: 2024-08-06T10:50:16.896Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3546 vulnerable 2026-06-08 05:05:33.379274 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3545 vulnerable 2026-06-08 05:05:33.377644 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3544 vulnerable 2026-06-08 05:05:33.376616 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3543 vulnerable 2026-06-08 05:05:33.375856 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3542 vulnerable 2026-06-08 05:05:33.374632 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-3541 vulnerable 2026-06-08 05:05:33.365828 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2571 vulnerable 2026-06-08 05:05:29.227873 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0218 vulnerable 2026-06-08 05:05:12.240369 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0216 vulnerable 2026-06-08 05:05:12.238380 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0215 vulnerable 2026-06-08 05:05:12.236768 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0214 vulnerable 2026-06-08 05:05:12.235084 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0213 vulnerable 2026-06-08 05:05:12.225120 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0129 vulnerable 2026-06-08 05:05:11.708290 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0127 vulnerable 2026-06-08 05:05:11.625534 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0126 vulnerable 2026-06-08 05:05:11.623844 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0125 vulnerable 2026-06-08 05:05:11.622311 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0124 vulnerable 2026-06-08 05:05:11.620768 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0123 vulnerable 2026-06-08 05:05:11.619211 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0122 vulnerable 2026-06-08 05:05:11.617642 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0010 vulnerable 2026-06-08 05:05:10.543083 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0009 vulnerable 2026-06-08 05:05:10.542145 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-0008 vulnerable 2026-06-08 05:05:10.540188 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-7341 vulnerable 2026-06-08 05:05:09.997357 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.