VDB

GCVE-110-MAGEIA-2016-29

GCVE-110-MAGEIA-2016-29
Advisory Published
Vulnetix · Advisory published January 20, 2016
In Moodle before 2.8.10, web services core_enrol_get_course_enrolment_methods and enrol_self_get_instance_info did not check user permission to access hidden courses (CVE-2016-0724). In Moodle before 2.8.10, search string in course management interface was not escaped when being output creating potential for XSS attack (CVE-2016-0725).

Affected Products

VendorProductVersionsPlatforms
Mageiamoodle0 (affected), 2.8.10-1.mga5 (unaffected), 0 (affected), 2.8.10-1.mga5 (unaffected)
Mageianvidia3400 (affected), 340.96-1.mga5.nonfree (unaffected)
Mageiakmod-nvidia340340.96-1.mga5.nonfree (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›