Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2014-0215

больше 11 лет назад

The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.

CVSS2: 4

EPSS: Низкий

CVE-2014-0214

больше 11 лет назад

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

CVSS2: 6.8

EPSS: Низкий

CVE-2014-0216

больше 11 лет назад

The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.

CVSS2: 5

EPSS: Низкий

CVE-2014-2572

больше 11 лет назад

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.

CVSS2: 4

EPSS: Низкий

CVE-2014-2572

больше 11 лет назад

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not prope ...

CVSS2: 4

EPSS: Низкий

CVE-2014-2571

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.

CVSS2: 3.5

EPSS: Низкий

CVE-2014-2571

больше 11 лет назад

Cross-site scripting (XSS) vulnerability in the quiz_question_tostring ...

CVSS2: 3.5

EPSS: Низкий

CVE-2014-0127

больше 11 лет назад

The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.

CVSS2: 4.9

EPSS: Низкий

CVE-2014-0129

больше 11 лет назад

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.

CVSS2: 4

EPSS: Низкий

CVE-2014-0129

больше 11 лет назад

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6. ...

CVSS2: 4

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2014-0215 The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.	CVSS2: 4	0% Низкий	больше 11 лет назад
CVE-2014-0214 login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.	CVSS2: 6.8	0% Низкий	больше 11 лет назад
CVE-2014-0216 The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block.	CVSS2: 5	0% Низкий	больше 11 лет назад
CVE-2014-2572 mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.	CVSS2: 4	0% Низкий	больше 11 лет назад
CVE-2014-2572 mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not prope ...	CVSS2: 4	0% Низкий	больше 11 лет назад
CVE-2014-2571 Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.	CVSS2: 3.5	0% Низкий	больше 11 лет назад
CVE-2014-2571 Cross-site scripting (XSS) vulnerability in the quiz_question_tostring ...	CVSS2: 3.5	0% Низкий	больше 11 лет назад
CVE-2014-0127 The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.	CVSS2: 4.9	0% Низкий	больше 11 лет назад
CVE-2014-0129 badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors.	CVSS2: 4	0% Низкий	больше 11 лет назад
CVE-2014-0129 badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6. ...	CVSS2: 4	0% Низкий	больше 11 лет назад

Уязвимостей на страницу