Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
CVE-2019-3809
A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF.
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF.
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF.
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to ...
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost th ...
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-3809 A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. | CVSS3: 6.5 | 0% Низкий | больше 6 лет назад |
 | CVE-2019-6970 Moodle 3.5.x before 3.5.4 allows SSRF. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6970 Moodle 3.5.x before 3.5.4 allows SSRF. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6970 Moodle 3.5.x before 3.5.4 allows SSRF. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2018-16854 A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. | CVSS3: 6.5 | 2% Низкий | почти 7 лет назад |
| CVE-2018-16854 A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to ... | CVSS3: 6.5 | 2% Низкий | почти 7 лет назад |
| CVE-2018-16854 A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. | CVSS3: 6.5 | 2% Низкий | почти 7 лет назад |
| CVE-2018-14631 moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | CVSS3: 8.8 | 1% Низкий | почти 7 лет назад |
| CVE-2018-14631 moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost th ... | CVSS3: 8.8 | 1% Низкий | почти 7 лет назад |
| CVE-2018-14631 moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | CVSS3: 8.8 | 1% Низкий | почти 7 лет назад |
Уязвимостей на страницу