Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
BDU:2023-03477
Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
BDU:2023-03462
Уязвимость виртуальной обучающей среды Moodle, связанная с неправильным контролем доступа, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям
GHSA-xqcf-vgqc-pcmg
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks.
GHSA-xv72-6pgh-cjj8
Moodle stored-XSS vulnerability in some "social" user profile fields
GHSA-6gx2-g773-hv9h
Moodle reflected cross-site scripting vulnerability in policy tool
GHSA-8v23-w4w5-w83c
Cross-Site Request Forgery in Moodle
CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2023-03477 Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS) | CVSS3: 6.1 | 0% Низкий | больше 2 лет назад |
| BDU:2023-03462 Уязвимость виртуальной обучающей среды Moodle, связанная с неправильным контролем доступа, позволяющая нарушителю получить несанкционированный доступ к ограниченным функциям | CVSS3: 8.2 | 0% Низкий | больше 2 лет назад |
| GHSA-xqcf-vgqc-pcmg Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
 | CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
| CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in ... | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
 | CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | CVSS3: 9.1 | 1% Низкий | почти 3 года назад |
| GHSA-xv72-6pgh-cjj8 Moodle stored-XSS vulnerability in some "social" user profile fields | CVSS3: 5.4 | 0% Низкий | почти 3 года назад |
| GHSA-6gx2-g773-hv9h Moodle reflected cross-site scripting vulnerability in policy tool | CVSS3: 6.1 | 0% Низкий | почти 3 года назад |
| GHSA-8v23-w4w5-w83c Cross-Site Request Forgery in Moodle | CVSS3: 5.4 | 0% Низкий | почти 3 года назад |
| CVE-2022-45151 The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. | CVSS3: 5.4 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу