Логотип exploitDog
product: "moodle"
Консоль
Логотип exploitDog

exploitDog

product: "moodle"
Moodle

Moodleсистема управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle
Вендор: moodle

График релизов

4.14.24.34.44.55.05.12022202320242025202620272028

Недавние уязвимости Moodle

Количество 2 541

debian логотип

CVE-2022-45151

почти 3 года назад

The stored-XSS vulnerability was discovered in Moodle which exists due ...

CVSS3: 5.4
EPSS: Низкий
nvd логотип

CVE-2022-45150

почти 3 года назад

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
EPSS: Низкий
debian логотип

CVE-2022-45150

почти 3 года назад

A reflected cross-site scripting vulnerability was discovered in Moodl ...

CVSS3: 6.1
EPSS: Низкий
nvd логотип

CVE-2022-45149

почти 3 года назад

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
EPSS: Низкий
debian логотип

CVE-2022-45149

почти 3 года назад

A vulnerability was found in Moodle which exists due to insufficient v ...

CVSS3: 5.4
EPSS: Низкий
ubuntu логотип

CVE-2022-45150

почти 3 года назад

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2022-45151

почти 3 года назад

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

CVSS3: 5.4
EPSS: Низкий
ubuntu логотип

CVE-2022-45149

почти 3 года назад

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
EPSS: Низкий
fstec логотип

BDU:2022-07408

почти 3 года назад

Уязвимость системы управления курсами Moodle, связанная с недостаточной проверкой введенных пользователем данных в библиотеке поставщика LTI, позволяющая нарушителю выполнять SSRF-атаки

CVSS3: 9.1
EPSS: Низкий
fstec логотип

BDU:2022-07407

почти 3 года назад

Уязвимость системы управления курсами Moodle, связанная с недостаточной очисткой пользовательских данных в нескольких «социальных» полях профиля пользователя, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

CVSS3: 5.4
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
debian логотип
CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due ...

CVSS3: 5.4
0%
Низкий
почти 3 года назад
nvd логотип
CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
0%
Низкий
почти 3 года назад
debian логотип
CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodl ...

CVSS3: 6.1
0%
Низкий
почти 3 года назад
nvd логотип
CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
0%
Низкий
почти 3 года назад
debian логотип
CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient v ...

CVSS3: 5.4
0%
Низкий
почти 3 года назад
ubuntu логотип
CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS3: 6.1
0%
Низкий
почти 3 года назад
ubuntu логотип
CVE-2022-45151

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

CVSS3: 5.4
0%
Низкий
почти 3 года назад
ubuntu логотип
CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks.

CVSS3: 5.4
0%
Низкий
почти 3 года назад
fstec логотип
BDU:2022-07408

Уязвимость системы управления курсами Moodle, связанная с недостаточной проверкой введенных пользователем данных в библиотеке поставщика LTI, позволяющая нарушителю выполнять SSRF-атаки

CVSS3: 9.1
1%
Низкий
почти 3 года назад
fstec логотип
BDU:2022-07407

Уязвимость системы управления курсами Moodle, связанная с недостаточной очисткой пользовательских данных в нескольких «социальных» полях профиля пользователя, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

CVSS3: 5.4
0%
Низкий
почти 3 года назад

Уязвимостей на страницу

Поделиться