Moodle: a management system for electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,577
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-mj87-8xf8-fp4w Cross-Site Scripting in yui | | 0% Low | about 5 years ago |
| CVE-2020-10738 A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. | CVSS3: 7.5 | 2% Low | more than 5 years ago |
| CVE-2020-10738 A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ... | CVSS3: 7.5 | 2% Low | more than 5 years ago |
| CVE-2020-10738 A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. | CVSS3: 7.5 | 2% Low | more than 5 years ago |
| CVE-2019-14880 A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. | CVSS3: 9.1 | 0% Low | more than 5 years ago |
| CVE-2019-14880 A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 bef ... | CVSS3: 9.1 | 0% Low | more than 5 years ago |
| CVE-2019-14880 A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. | CVSS3: 9.1 | 0% Low | more than 5 years ago |
| CVE-2019-14884 A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS was possible from some fatal error messages. | CVSS3: 6.1 | 0% Low | more than 5 years ago |
| CVE-2019-14884 A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 ... | CVSS3: 6.1 | 0% Low | more than 5 years ago |
| CVE-2019-14883 A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token. | CVSS3: 5.3 | 0% Low | more than 5 years ago |