Moodle — система управления образовательными электронными курсами

Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.

Cross-site scripting (XSS) vulnerability in repository/lib.php in Mood ...

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.

mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x be ...

mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum.

mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2 ...

lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.

lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 do ...

Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.

Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typesse ...