Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 470
BDU:2023-03477
Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
BDU:2023-03462
Уязвимость виртуальной обучающей среды Moodle, связанная с неправильным контролем доступа, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям
GHSA-xqcf-vgqc-pcmg
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
GHSA-6gx2-g773-hv9h
Moodle reflected cross-site scripting vulnerability in policy tool
GHSA-xv72-6pgh-cjj8
Moodle stored-XSS vulnerability in some "social" user profile fields
GHSA-8v23-w4w5-w83c
Cross-Site Request Forgery in Moodle
CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2023-03477 Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) | CVSS3: 6.1 | 0% Низкий | больше 2 лет назад |
| BDU:2023-03462 Уязвимость виртуальной обучающей среды Moodle, связанная с неправильным контролем доступа, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям | CVSS3: 8.2 | 0% Низкий | больше 2 лет назад |
| GHSA-xqcf-vgqc-pcmg Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
 | CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
| CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in ... | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
 | CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | CVSS3: 9.1 | 0% Низкий | больше 2 лет назад |
| GHSA-6gx2-g773-hv9h Moodle reflected cross-site scripting vulnerability in policy tool | CVSS3: 6.1 | 0% Низкий | больше 2 лет назад |
| GHSA-xv72-6pgh-cjj8 Moodle stored-XSS vulnerability in some "social" user profile fields | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
| GHSA-8v23-w4w5-w83c Cross-Site Request Forgery in Moodle | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
| CVE-2022-45151 The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу