Moodle: a system for managing online educational courses
Release cycle, vulnerability information
Release schedule
Count 2 535
GHSA-78fm-qhh8-8858
Moodle reflected XSS
GHSA-rvmc-8gmg-ggqr
Moodle Blind SQL injection possible via MNet authentication
GHSA-454r-jccq-96q8
Moodle Exposure of Sensitive Information to an Unauthorized Actor
GHSA-wx87-h539-4775
Moodle Information Disclosure vulnerability

CVE-2021-32478
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.

CVE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-78fm-qhh8-8858 Moodle reflected XSS | CVSS3: 6.1 | 4% Low | more than 3 years ago |
GHSA-rvmc-8gmg-ggqr Moodle Blind SQL injection possible via MNet authentication | CVSS3: 7.2 | 1% Low | more than 3 years ago |
GHSA-454r-jccq-96q8 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Low | more than 3 years ago |
GHSA-wx87-h539-4775 Moodle Information Disclosure vulnerability | CVSS3: 5.3 | 0% Low | more than 3 years ago |
CVE-2021-32478 The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | CVSS3: 6.1 | 4% Low | more than 3 years ago |
CVE-2021-32477 The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
CVE-2021-32476 A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | CVSS3: 7.5 | 1% Low | more than 3 years ago |