Moodle: a system for managing electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,535

CVE-2019-18210
Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. NOTE: the discoverer and vendor disagree on whether Moodle customers have a reasonable expectation that anyone authenticated as a Teacher can be trusted with the ability to add arbitrary JavaScript (this ability is not documented on Moodle's Teacher_role page). Because the vendor has this expectation, they have stated "this report has been closed as a false positive, and not a bug."

CVE-2019-14879
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable).

CVE-2012-1170
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough.

CVE-2012-1169
Moodle before 2.2.2 has a personal information disclosure: when the administrative setting for user name display is set to first name only, full names are shown in page breadcrumbs.
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2019-18210 | CVSS3: 5.4 | 0% Low | more than 5 years ago |
CVE-2019-14879 | CVSS3: 5.4 | 0% Low | more than 5 years ago |
CVE-2012-1170 | CVSS3: 7.5 | 0% Low | almost 6 years ago |
CVE-2012-1169 | CVSS3: 5.3 | 1% Low | almost 6 years ago |