Moodle: a system for managing electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,647
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2014-3617: The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. | CVSS2: 4 | 0% (Low) | more than 11 years ago |
| CVE-2014-3553: mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce the moodle/site:accessallgroups capability requirement before proceeding with a post to all groups, which allows remote authenticated users to bypass intended access restrictions by leveraging two or more group memberships. | CVSS2: 4.9 | 0% (Low) | more than 11 years ago |
| CVE-2014-3552: The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. | CVSS2: 6 | 0% (Low) | more than 11 years ago |
| CVE-2014-3551: Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric. | CVSS2: 3.5 | 0% (Low) | more than 11 years ago |
| CVE-2014-3550: Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task. | CVSS2: 4.3 | 0% (Low) | more than 11 years ago |