Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2014-3544
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
CVE-2014-3544
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ...
CVE-2014-3543
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.
CVE-2014-3543
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...
CVE-2014-3542
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-3542
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5 ...
CVE-2014-3541
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
CVE-2014-3541
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4. ...
CVE-2014-3545
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz.
CVE-2014-3549
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2014-3544 Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. | CVSS2: 3.5 | 1% Низкий | больше 11 лет назад |
| CVE-2014-3544 Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ... | CVSS2: 3.5 | 1% Низкий | больше 11 лет назад |
| CVE-2014-3543 mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format. | CVSS2: 4.3 | 0% Низкий | больше 11 лет назад |
| CVE-2014-3543 mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ... | CVSS2: 4.3 | 0% Низкий | больше 11 лет назад |
| CVE-2014-3542 mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | CVSS2: 4.3 | 0% Низкий | больше 11 лет назад |
| CVE-2014-3542 mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5 ... | CVSS2: 4.3 | 0% Низкий | больше 11 лет назад |
| CVE-2014-3541 The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on. | CVSS2: 7.5 | 2% Низкий | больше 11 лет назад |
| CVE-2014-3541 The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4. ... | CVSS2: 7.5 | 2% Низкий | больше 11 лет назад |
 | CVE-2014-3545 Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. | CVSS2: 6 | 1% Низкий | больше 11 лет назад |
| CVE-2014-3549 Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt. | CVSS2: 4.3 | 0% Низкий | больше 11 лет назад |
Уязвимостей на страницу