Логотип exploitDog
product: "moodle"
Консоль
Логотип exploitDog

exploitDog

product: "moodle"
Moodle

Moodleсистема управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle
Вендор: moodle

График релизов

4.14.24.34.44.55.02022202320242025202620272028

Недавние уязвимости Moodle

Количество 2 470

debian логотип

CVE-2022-45151

больше 2 лет назад

The stored-XSS vulnerability was discovered in Moodle which exists due ...

CVSS3: 5.4
EPSS: Низкий
nvd логотип

CVE-2022-45150

больше 2 лет назад

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
EPSS: Низкий
debian логотип

CVE-2022-45150

больше 2 лет назад

A reflected cross-site scripting vulnerability was discovered in Moodl ...

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2022-45149

больше 2 лет назад

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
EPSS: Низкий
debian логотип

CVE-2022-45149

больше 2 лет назад

A vulnerability was found in Moodle which exists due to insufficient v ...

CVSS3: 5.4
EPSS: Низкий
ubuntu логотип

CVE-2022-45150

больше 2 лет назад

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2022-45151

больше 2 лет назад

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

CVSS3: 5.4
EPSS: Низкий
ubuntu логотип

CVE-2022-45149

больше 2 лет назад

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
EPSS: Низкий
fstec логотип

BDU:2022-07407

больше 2 лет назад

Уязвимость системы управления курсами Moodle, связанная с недостаточной очисткой пользовательских данных в нескольких «социальных» полях профиля пользователя, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

CVSS3: 5.4
EPSS: Низкий
fstec логотип

BDU:2022-07406

больше 2 лет назад

Уязвимость системы управления курсами Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

CVSS3: 5.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
debian логотип
CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due ...

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
nvd логотип
CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
0%
Низкий
больше 2 лет назад
debian логотип
CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodl ...

CVSS3: 6.1
0%
Низкий
больше 2 лет назад
nvd логотип
CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
debian логотип
CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient v ...

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
ubuntu логотип
CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
fstec логотип
BDU:2022-07407

Уязвимость системы управления курсами Moodle, связанная с недостаточной очисткой пользовательских данных в нескольких «социальных» полях профиля пользователя, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

CVSS3: 5.4
0%
Низкий
больше 2 лет назад
fstec логотип
BDU:2022-07406

Уязвимость системы управления курсами Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

CVSS3: 5.4
0%
Низкий
больше 2 лет назад

Уязвимостей на страницу

Поделиться