Moodle: a management system for electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,541
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2023-5539 A remote code execution risk was identified in the Lesson activity. By ... | CVSS3: 4.7 | 2% Low | about 2 years ago |
| CVE-2023-5551 Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. | CVSS3: 3.3 | 0% Low | about 2 years ago |
| CVE-2023-5545 H5P metadata automatically populated the author with the user's username, which could be sensitive information. | CVSS3: 3.3 | 0% Low | about 2 years ago |
| CVE-2023-5544 Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | CVSS3: 6.5 | 0% Low | about 2 years ago |
| CVE-2023-5547 The course upload preview contained an XSS risk for users uploading unsafe data. | CVSS3: 3.3 | 0% Low | about 2 years ago |
| CVE-2023-5540 A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | CVSS3: 4.7 | 2% Low | about 2 years ago |
| CVE-2023-5548 Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | CVSS3: 3.3 | 0% Low | about 2 years ago |
| CVE-2023-5541 The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | CVSS3: 3.3 | 0% Low | about 2 years ago |
| CVE-2023-5539 A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. | CVSS3: 4.7 | 2% Low | about 2 years ago |
| CVE-2023-5546 ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | CVSS3: 4.3 | 1% Low | about 2 years ago |