Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 470

CVE-2023-46858

больше 1 года назад

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

CVSS3: 5.4

EPSS: Низкий

CVE-2023-46858

больше 1 года назад

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...

CVSS3: 5.4

EPSS: Низкий

CVE-2023-46858

больше 1 года назад

** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

CVSS3: 5.4

EPSS: Низкий

GHSA-xxp4-mf4h-6cwm

около 2 лет назад

Moodle vulnerable to Server Side Request Forgery

CVSS3: 7.5

EPSS: Низкий

GHSA-49mv-vfcp-8gg9

около 2 лет назад

Moodle vulnerable to SQL Injection

CVSS3: 6.3

EPSS: Низкий

GHSA-fwfj-8p36-rc64

около 2 лет назад

Moodle vulnerable to Cross-site Scripting

CVSS3: 6.1

EPSS: Низкий

CVE-2023-35133

около 2 лет назад

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-35133

около 2 лет назад

An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...

CVSS3: 7.5

EPSS: Низкий

CVE-2023-35132

около 2 лет назад

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVSS3: 6.3

EPSS: Низкий

CVE-2023-35132

около 2 лет назад

A limited SQL injection risk was identified on the Mnet SSO access con ...

CVSS3: 6.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-46858 Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."	CVSS3: 5.4	0% Низкий	больше 1 года назад
CVE-2023-46858 Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...	CVSS3: 5.4	0% Низкий	больше 1 года назад
CVE-2023-46858 DISPUTED Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."	CVSS3: 5.4	0% Низкий	больше 1 года назад
GHSA-xxp4-mf4h-6cwm Moodle vulnerable to Server Side Request Forgery	CVSS3: 7.5	0% Низкий	около 2 лет назад
GHSA-49mv-vfcp-8gg9 Moodle vulnerable to SQL Injection	CVSS3: 6.3	0% Низкий	около 2 лет назад
GHSA-fwfj-8p36-rc64 Moodle vulnerable to Cross-site Scripting	CVSS3: 6.1	1% Низкий	около 2 лет назад
CVE-2023-35133 An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.	CVSS3: 7.5	0% Низкий	около 2 лет назад
CVE-2023-35133 An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...	CVSS3: 7.5	0% Низкий	около 2 лет назад
CVE-2023-35132 A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.	CVSS3: 6.3	0% Низкий	около 2 лет назад
CVE-2023-35132 A limited SQL injection risk was identified on the Mnet SSO access con ...	CVSS3: 6.3	0% Низкий	около 2 лет назад

Уязвимостей на страницу