GCVE - cpe:2.3:a:moodle:moodle:2.4.10:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:moodle:moodle:2.4.10:*:*:*:*:*:*:*

part: a version: 2.4.10 update: *

Vendor	Moodle (`1f527b56-744d-5be6-b0f4-b691bd50b8c3`)
Product	Moodle (`221dc9da-2dde-53d2-a358-e0cb5ac858f7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/bitnami/moodle`	purl2cpe	2026-06-01 10:13:14.068322
`pkg:github/moodle/moodle`	purl2cpe	2026-06-01 10:13:14.068324
`pkg:rpm/fedora/moodle`	purl2cpe	2026-06-01 10:13:14.068325
`pkg:rpm/opensuse/moodle`	purl2cpe	2026-06-01 10:13:14.068327

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-3617`	vulnerable	2026-06-08 05:05:41.842691	Details available The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. Published: 2014-09-15T14:00:00.000Z Updated: 2024-08-06T10:50:17.677Z Open on db.gcve.eu Reference links http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619 http://openwall.com/lists/oss-security/2014/09/15/1 https://moodle.org/mod/forum/discuss.php?d=269591	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3553`	vulnerable	2026-06-08 05:05:33.384592	Details available mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships. Published: 2014-07-29T10:00:00.000Z Updated: 2024-08-06T10:50:17.775Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=264268 http://openwall.com/lists/oss-security/2014/07/21/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3552`	vulnerable	2026-06-08 05:05:33.383226	Details available The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. Published: 2014-07-29T10:00:00.000Z Updated: 2024-08-06T10:50:16.615Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264261 http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3551`	vulnerable	2026-06-08 05:05:33.382606	Details available Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric. Published: 2014-07-29T10:00:00.000Z Updated: 2024-08-06T10:50:16.348Z Open on db.gcve.eu Reference links http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223 http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264273 http://www.securityfocus.com/bid/68763	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3548`	vulnerable	2026-06-08 05:05:33.380769	Details available Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog. Published: 2014-07-29T10:00:00.000Z Updated: 2024-08-06T10:50:16.896Z Open on db.gcve.eu Reference links http://openwall.com/lists/oss-security/2014/07/21/1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471 http://www.securityfocus.com/bid/68766 https://moodle.org/mod/forum/discuss.php?d=264270	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3546`	vulnerable	2026-06-08 05:05:33.379320	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3545`	vulnerable	2026-06-08 05:05:33.377823	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3544`	vulnerable	2026-06-08 05:05:33.376666	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3543`	vulnerable	2026-06-08 05:05:33.375904	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3542`	vulnerable	2026-06-08 05:05:33.374680	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3541`	vulnerable	2026-06-08 05:05:33.368160	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.