Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 470

CVE-2024-37674

около 1 года назад

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote ...

CVSS3: 5.5

EPSS: Низкий

CVE-2024-37674

около 1 года назад

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.

CVSS3: 5.5

EPSS: Низкий

CVE-2024-37674

около 1 года назад

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.

CVSS3: 5.5

EPSS: Низкий

GHSA-356g-7x36-7m34

около 1 года назад

Moodle CSRF risks due to misuse of confirm_sesskey

CVSS3: 5.4

EPSS: Низкий

GHSA-p2cj-86v4-7782

около 1 года назад

Moodle HTTP authorization header is preserved between "emulated redirects"

CVSS3: 7.5

EPSS: Низкий

CVE-2024-38276

около 1 года назад

Incorrect CSRF token checks resulted in multiple CSRF risks.

CVSS3: 8.8

EPSS: Низкий

CVE-2024-38276

около 1 года назад

Incorrect CSRF token checks resulted in multiple CSRF risks.

CVSS3: 8.8

EPSS: Низкий

CVE-2024-38275

около 1 года назад

The cURL wrapper in Moodle retained the original request headers when ...

CVSS3: 7.5

EPSS: Низкий

CVE-2024-38275

около 1 года назад

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CVSS3: 7.5

EPSS: Низкий

CVE-2024-38275

около 1 года назад

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote ...	CVSS3: 5.5	0% Низкий	около 1 года назад
CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.	CVSS3: 5.5	0% Низкий	около 1 года назад
CVE-2024-37674 Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.	CVSS3: 5.5	0% Низкий	около 1 года назад
GHSA-356g-7x36-7m34 Moodle CSRF risks due to misuse of confirm_sesskey	CVSS3: 5.4	0% Низкий	около 1 года назад
GHSA-p2cj-86v4-7782 Moodle HTTP authorization header is preserved between "emulated redirects"	CVSS3: 7.5	0% Низкий	около 1 года назад
CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks.	CVSS3: 8.8	0% Низкий	около 1 года назад
CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks.	CVSS3: 8.8	0% Низкий	около 1 года назад
CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when ...	CVSS3: 7.5	0% Низкий	около 1 года назад
CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.	CVSS3: 7.5	0% Низкий	около 1 года назад
CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.	CVSS3: 7.5	0% Низкий	около 1 года назад

Уязвимостей на страницу