Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2016-2157

больше 9 лет назад

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.

CVSS3: 8.8

EPSS: Низкий

CVE-2016-2152

больше 9 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-2153

больше 9 лет назад

Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-2155

больше 9 лет назад

The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role.

CVSS3: 4.3

EPSS: Низкий

BDU:2016-01464

больше 9 лет назад

Уязвимость системы управления обучением Мoodle, позволяющая нарушителю получить доступ к защищаемой информации

CVSS2: 5

EPSS: Низкий

BDU:2016-01465

больше 9 лет назад

Уязвимость системы управления обучением Мoodle, позволяющая нарушителю обойти существующие ограничения по сроку доступа

CVSS2: 4

EPSS: Низкий

CVE-2016-0725

больше 9 лет назад

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-0725

больше 9 лет назад

Cross-site scripting (XSS) vulnerability in the search_pagination func ...

CVSS3: 6.1

EPSS: Низкий

CVE-2016-0724

больше 9 лет назад

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

CVSS3: 4.3

EPSS: Низкий

CVE-2016-0724

больше 9 лет назад

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get ...

CVSS3: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-2157 Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.	CVSS3: 8.8	0% Низкий	больше 9 лет назад
CVE-2016-2152 Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.	CVSS3: 6.1	0% Низкий	больше 9 лет назад
CVE-2016-2153 Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field.	CVSS3: 6.1	0% Низкий	больше 9 лет назад
CVE-2016-2155 The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role.	CVSS3: 4.3	0% Низкий	больше 9 лет назад
BDU:2016-01464 Уязвимость системы управления обучением Мoodle, позволяющая нарушителю получить доступ к защищаемой информации	CVSS2: 5	0% Низкий	больше 9 лет назад
BDU:2016-01465 Уязвимость системы управления обучением Мoodle, позволяющая нарушителю обойти существующие ограничения по сроку доступа	CVSS2: 4	0% Низкий	больше 9 лет назад
CVE-2016-0725 Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.	CVSS3: 6.1	1% Низкий	больше 9 лет назад
CVE-2016-0725 Cross-site scripting (XSS) vulnerability in the search_pagination func ...	CVSS3: 6.1	1% Низкий	больше 9 лет назад
CVE-2016-0724 The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.	CVSS3: 4.3	1% Низкий	больше 9 лет назад
CVE-2016-0724 The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get ...	CVSS3: 4.3	1% Низкий	больше 9 лет назад

Уязвимостей на страницу