Download
| Alert*
|
CVE-2016-8643
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. CVE-2016-8644 In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. CVE-2016-8642 In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. CVE-2017-2576 In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. CVE-2017-2578 In Moodle 3.x, there is XSS in the assignment submission page. |
