Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 535
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin.
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication ...
CVE-2021-40695
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin.
CVE-2021-40694
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
CVE-2021-40692
Insufficient capability checks made it possible for teachers to download users outside of their courses.
GHSA-fm6m-fg23-67jq
Moodle Cross-site Scripting vulnerability
CVE-2021-36568
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
CVE-2021-36568
In certain Moodle products after creating a course, it is possible to ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2021-40691 A session hijack risk was identified in the Shibboleth authentication plugin. | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
| CVE-2021-40691 A session hijack risk was identified in the Shibboleth authentication ... | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
 | CVE-2021-40695 It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
| CVE-2021-40693 An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| CVE-2021-40691 A session hijack risk was identified in the Shibboleth authentication plugin. | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
| CVE-2021-40694 Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | CVSS3: 4.9 | 0% Низкий | почти 3 года назад |
| CVE-2021-40692 Insufficient capability checks made it possible for teachers to download users outside of their courses. | CVSS3: 4.3 | 0% Низкий | почти 3 года назад |
| GHSA-fm6m-fg23-67jq Moodle Cross-site Scripting vulnerability | CVSS3: 5.4 | 0% Низкий | почти 3 года назад |
| CVE-2021-36568 In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | CVSS3: 5.4 | 0% Низкий | почти 3 года назад |
| CVE-2021-36568 In certain Moodle products after creating a course, it is possible to ... | CVSS3: 5.4 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу