Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
GHSA-w2pm-fr62-jgv4
Moodle vulnerable to stored Cross-site Scripting
CVE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript).
CVE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting ...
CVE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript).
GHSA-22gj-8qj2-fj46
Moodle External Control of File Name or Path vulnerability
GHSA-7mmc-22g7-3xq2
Moodle SQL Injection vulnerability
CVE-2023-30944
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
CVE-2023-30944
The vulnerability was found Moodle which exists due to insufficient sa ...
CVE-2023-30943
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
CVE-2023-30943
The vulnerability was found Moodle which exists because the applicatio ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-w2pm-fr62-jgv4 Moodle vulnerable to stored Cross-site Scripting | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2021-27131 Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript). | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
| CVE-2021-27131 Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting ... | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
 | CVE-2021-27131 Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript). | CVSS3: 5.4 | 0% Низкий | больше 2 лет назад |
| GHSA-22gj-8qj2-fj46 Moodle External Control of File Name or Path vulnerability | CVSS3: 5.3 | 16% Средний | почти 3 года назад |
| GHSA-7mmc-22g7-3xq2 Moodle SQL Injection vulnerability | CVSS3: 7.3 | 1% Низкий | почти 3 года назад |
| CVE-2023-30944 The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | CVSS3: 5.6 | 1% Низкий | почти 3 года назад |
| CVE-2023-30944 The vulnerability was found Moodle which exists due to insufficient sa ... | CVSS3: 5.6 | 1% Низкий | почти 3 года назад |
| CVE-2023-30943 The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | CVSS3: 6.5 | 16% Средний | почти 3 года назад |
| CVE-2023-30943 The vulnerability was found Moodle which exists because the applicatio ... | CVSS3: 6.5 | 16% Средний | почти 3 года назад |
Уязвимостей на страницу