Логотип exploitDog
product: "moodle"
Консоль
Логотип exploitDog

exploitDog

product: "moodle"
Moodle

Moodleсистема управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle
Вендор: moodle

График релизов

4.55.05.120242025202620272028

Недавние уязвимости Moodle

Количество 2 647

nvd логотип

CVE-2011-4282

больше 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

CVSS2: 4.3
EPSS: Низкий
debian логотип

CVE-2011-4282

больше 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2011-4281

больше 13 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.

CVSS2: 6.8
EPSS: Низкий
debian логотип

CVE-2011-4281

больше 13 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2 ...

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2011-4280

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: Низкий
debian логотип

CVE-2011-4280

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2011-4279

больше 13 лет назад

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

CVSS2: 5
EPSS: Низкий
debian логотип

CVE-2011-4279

больше 13 лет назад

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setti ...

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2011-4278

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
EPSS: Низкий
debian логотип

CVE-2011-4278

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in the tag autocomplete funct ...

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
nvd логотип
CVE-2011-4282

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

CVSS2: 4.3
0%
Низкий
больше 13 лет назад
debian логотип
CVE-2011-4282

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...

CVSS2: 4.3
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-4281

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of (1) an activity or (2) a course.

CVSS2: 6.8
0%
Низкий
больше 13 лет назад
debian логотип
CVE-2011-4281

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2 ...

CVSS2: 6.8
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-4280

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
3%
Низкий
больше 13 лет назад
debian логотип
CVE-2011-4280

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...

CVSS2: 4.3
3%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-4279

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.

CVSS2: 5
0%
Низкий
больше 13 лет назад
debian логотип
CVE-2011-4279

Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setti ...

CVSS2: 5
0%
Низкий
больше 13 лет назад
nvd логотип
CVE-2011-4278

Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS2: 4.3
0%
Низкий
больше 13 лет назад
debian логотип
CVE-2011-4278

Cross-site scripting (XSS) vulnerability in the tag autocomplete funct ...

CVSS2: 4.3
0%
Низкий
больше 13 лет назад

Уязвимостей на страницу

Поделиться