Moodle: a system for managing electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2 470
Vulnerability | Description | CVSS | EPSS | Published
---|---|---|---|---
CVE-2023-5539 | A remote code execution risk was identified in the Lesson activity. By ... | CVSS3: 4.7 | 2% Low | more than 1 year ago
CVE-2023-5547 | The course upload preview contained an XSS risk for users uploading unsafe data. | CVSS3: 3.3 | 0% Low | more than 1 year ago
CVE-2023-5544 | Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | CVSS3: 6.5 | 0% Low | more than 1 year ago
CVE-2023-5551 | Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | CVSS3: 3.3 | 0% Low | more than 1 year ago
CVE-2023-5541 | The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | CVSS3: 3.3 | 0% Low | more than 1 year ago
CVE-2023-5542 | Students in "Only see own membership" groups could see other students in the group, which should be hidden. | CVSS3: 3.3 | 0% Low | more than 1 year ago
CVE-2023-5550 | In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | CVSS3: 6.5 | 1% Low | more than 1 year ago
CVE-2023-5546 | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | CVSS3: 4.3 | 1% Low | more than 1 year ago
CVE-2023-5540 | A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | CVSS3: 4.7 | 2% Low | more than 1 year ago
CVE-2023-5545 | H5P metadata automatically populated the author with the user's username, which could be sensitive information. | CVSS3: 3.3 | 0% Low | more than 1 year ago