Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2014-0126
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise ...
CVE-2014-0124
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module.
CVE-2014-0124
The identity-reporting implementations in mod/forum/renderer.php and m ...
CVE-2014-0122
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.
CVE-2014-0123
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student.
CVE-2014-0123
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...
CVE-2014-0122
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2 ...
CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flas ...
CVE-2014-2571
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2014-0126 Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise ... | CVSS2: 6.8 | 0% Низкий | почти 12 лет назад |
 | CVE-2014-0124 The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module. | CVSS2: 4 | 0% Низкий | почти 12 лет назад |
| CVE-2014-0124 The identity-reporting implementations in mod/forum/renderer.php and m ... | CVSS2: 4 | 0% Низкий | почти 12 лет назад |
| CVE-2014-0122 mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator. | CVSS2: 4.9 | 0% Низкий | почти 12 лет назад |
| CVE-2014-0123 The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. | CVSS2: 4.9 | 0% Низкий | почти 12 лет назад |
| CVE-2014-0123 The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ... | CVSS2: 4.9 | 0% Низкий | почти 12 лет назад |
| CVE-2014-0122 mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2 ... | CVSS2: 4.9 | 0% Низкий | почти 12 лет назад |
| CVE-2013-7341 Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. | CVSS2: 4.3 | 0% Низкий | почти 12 лет назад |
| CVE-2013-7341 Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flas ... | CVSS2: 4.3 | 0% Низкий | почти 12 лет назад |
 | CVE-2014-2571 Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question. | CVSS2: 3.5 | 0% Низкий | почти 12 лет назад |
Уязвимостей на страницу