Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
CVE-2024-38275
The cURL wrapper in Moodle retained the original request headers when ...
CVE-2024-38274
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
CVE-2024-38274
Insufficient escaping of calendar event titles resulted in a stored XS ...
CVE-2024-38273
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
CVE-2024-38273
Insufficient capability checks meant it was possible for users to gain ...
CVE-2024-38273
Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
CVE-2024-38275
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
CVE-2024-38277
A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
CVE-2024-38276
Incorrect CSRF token checks resulted in multiple CSRF risks.
CVE-2024-38274
Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when ... | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
 | CVE-2024-38274 Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| CVE-2024-38274 Insufficient escaping of calendar event titles resulted in a stored XS ... | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
| CVE-2024-38273 Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | CVSS3: 5.4 | 0% Низкий | больше 1 года назад |
| CVE-2024-38273 Insufficient capability checks meant it was possible for users to gain ... | CVSS3: 5.4 | 0% Низкий | больше 1 года назад |
 | CVE-2024-38273 Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. | CVSS3: 5.4 | 0% Низкий | больше 1 года назад |
| CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | CVSS3: 7.5 | 1% Низкий | больше 1 года назад |
| CVE-2024-38277 A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. | CVSS3: 5.4 | 0% Низкий | больше 1 года назад |
| CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks. | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-38274 Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. | CVSS3: 6.1 | 1% Низкий | больше 1 года назад |
Уязвимостей на страницу