Moodle is a system for managing educational e-learning courses
Release cycle, vulnerability information
Release schedule
Count: 2 647
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-rvmc-8gmg-ggqr Moodle Blind SQL injection possible via MNet authentication | CVSS3: 7.2 | 1% Low | almost 4 years ago |
| GHSA-454r-jccq-96q8 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Low | almost 4 years ago |
| GHSA-78fm-qhh8-8858 Moodle reflected XSS | CVSS3: 6.1 | 4% Low | almost 4 years ago |
| GHSA-vrpr-2xxx-g444 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Low | almost 4 years ago |
| GHSA-wx87-h539-4775 Moodle Information Disclosure vulnerability | CVSS3: 5.3 | 0% Low | almost 4 years ago |
| CVE-2021-32478 The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | CVSS3: 6.1 | 4% Low | almost 4 years ago |
| CVE-2021-32478 The redirect URI in the LTI authorization endpoint required extra sani ... | CVSS3: 6.1 | 4% Low | almost 4 years ago |
| CVE-2021-32477 The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | CVSS3: 4.3 | 0% Low | almost 4 years ago |
| CVE-2021-32477 The last time a user accessed the mobile app is displayed on their pro ... | CVSS3: 4.3 | 0% Low | almost 4 years ago |
| CVE-2021-32476 A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | CVSS3: 7.5 | 1% Low | almost 4 years ago |