Moodle — система управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle

Вендор: moodle

График релизов

Недавние уязвимости Moodle

Количество 2 541

CVE-2023-46858

около 2 лет назад

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

CVSS3: 5.4

EPSS: Низкий

CVE-2023-46858

около 2 лет назад

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...

CVSS3: 5.4

EPSS: Низкий

CVE-2023-46858

около 2 лет назад

CVSS3: 5.4

EPSS: Низкий

GHSA-fwfj-8p36-rc64

больше 2 лет назад

Moodle vulnerable to Cross-site Scripting

CVSS3: 6.1

EPSS: Низкий

GHSA-49mv-vfcp-8gg9

больше 2 лет назад

Moodle vulnerable to SQL Injection

CVSS3: 6.3

EPSS: Низкий

GHSA-xxp4-mf4h-6cwm

больше 2 лет назад

Moodle vulnerable to Server Side Request Forgery

CVSS3: 7.5

EPSS: Низкий

CVE-2023-35133

больше 2 лет назад

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVSS3: 7.5

EPSS: Низкий

CVE-2023-35133

больше 2 лет назад

An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...

CVSS3: 7.5

EPSS: Низкий

CVE-2023-35132

больше 2 лет назад

A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVSS3: 6.3

EPSS: Низкий

CVE-2023-35132

больше 2 лет назад

A limited SQL injection risk was identified on the Mnet SSO access con ...

CVSS3: 6.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2023-46858 Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."	CVSS3: 5.4	0% Низкий	около 2 лет назад
CVE-2023-46858 Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...	CVSS3: 5.4	0% Низкий	около 2 лет назад
CVE-2023-46858 Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."	CVSS3: 5.4	0% Низкий	около 2 лет назад
GHSA-fwfj-8p36-rc64 Moodle vulnerable to Cross-site Scripting	CVSS3: 6.1	1% Низкий	больше 2 лет назад
GHSA-49mv-vfcp-8gg9 Moodle vulnerable to SQL Injection	CVSS3: 6.3	0% Низкий	больше 2 лет назад
GHSA-xxp4-mf4h-6cwm Moodle vulnerable to Server Side Request Forgery	CVSS3: 7.5	0% Низкий	больше 2 лет назад
CVE-2023-35133 An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.	CVSS3: 7.5	0% Низкий	больше 2 лет назад
CVE-2023-35133 An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...	CVSS3: 7.5	0% Низкий	больше 2 лет назад
CVE-2023-35132 A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.	CVSS3: 6.3	0% Низкий	больше 2 лет назад
CVE-2023-35132 A limited SQL injection risk was identified on the Mnet SSO access con ...	CVSS3: 6.3	0% Низкий	больше 2 лет назад

Уязвимостей на страницу