VDB
GCVE-110-MAGEIA-2016-29
GCVE-110-MAGEIA-2016-29
Advisory Published
In Moodle before 2.8.10, web services
core_enrol_get_course_enrolment_methods and
enrol_self_get_instance_info did not check user permission to access
hidden courses (CVE-2016-0724).
In Moodle before 2.8.10, search string in course management interface was
not escaped when being output creating potential for XSS attack
(CVE-2016-0725).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | moodle | 0 (affected), 2.8.10-1.mga5 (unaffected), 0 (affected), 2.8.10-1.mga5 (unaffected) | — |
| Mageia | nvidia340 | 0 (affected), 340.96-1.mga5.nonfree (unaffected) | — |
| Mageia | kmod-nvidia340 | 340.96-1.mga5.nonfree (unaffected), 0 (affected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.