Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
CVE-2019-3808
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF.
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF.
CVE-2019-6970
Moodle 3.5.x before 3.5.4 allows SSRF.
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to ...
CVE-2018-16854
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15.
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost th ...
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2019-3808 A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default. | CVSS3: 5.4 | 0% Низкий | больше 6 лет назад |
 | CVE-2019-6970 Moodle 3.5.x before 3.5.4 allows SSRF. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6970 Moodle 3.5.x before 3.5.4 allows SSRF. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2019-6970 Moodle 3.5.x before 3.5.4 allows SSRF. | CVSS3: 7.5 | 0% Низкий | больше 6 лет назад |
| CVE-2018-16854 A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. | CVSS3: 6.5 | 2% Низкий | почти 7 лет назад |
| CVE-2018-16854 A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to ... | CVSS3: 6.5 | 2% Низкий | почти 7 лет назад |
| CVE-2018-16854 A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed versions include 3.6, 3.5.3, 3.4.6, 3.3.9 and 3.1.15. | CVSS3: 6.5 | 2% Низкий | почти 7 лет назад |
| CVE-2018-14631 moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
| CVE-2018-14631 moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost th ... | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
| CVE-2018-14631 moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter. | CVSS3: 8.8 | 1% Низкий | около 7 лет назад |
Уязвимостей на страницу