Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 535
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the ...
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
CVE-2020-1754
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
GHSA-62wh-m4jr-233r
Moodle LTI module reflected XSS risk
GHSA-wwv7-h477-wrv7
Moodle Stored XSS and blind SSRF possible via SCORM track details
GHSA-xp2f-9mx3-3c6p
Moodle PostScript Code Injection
GHSA-243v-5pff-qqfj
Moodle Open redirect risk in mobile auto-login feature
GHSA-pgm5-cr62-prxq
Moodle Arbitrary file read when importing lesson questions
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2020-1691 In Moodle 3.8, messages required extra sanitizing before updating the ... | CVSS3: 5.4 | 1% Низкий | около 3 лет назад |
 | CVE-2020-1691 In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | CVSS3: 5.4 | 1% Низкий | около 3 лет назад |
| CVE-2020-1754 In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-62wh-m4jr-233r Moodle LTI module reflected XSS risk | CVSS3: 6.1 | 77% Высокий | около 3 лет назад |
| GHSA-wwv7-h477-wrv7 Moodle Stored XSS and blind SSRF possible via SCORM track details | CVSS3: 6.1 | 0% Низкий | около 3 лет назад |
| GHSA-xp2f-9mx3-3c6p Moodle PostScript Code Injection | CVSS3: 9.8 | 6% Низкий | около 3 лет назад |
| GHSA-243v-5pff-qqfj Moodle Open redirect risk in mobile auto-login feature | CVSS3: 6.1 | 0% Низкий | около 3 лет назад |
| GHSA-pgm5-cr62-prxq Moodle Arbitrary file read when importing lesson questions | CVSS3: 7.5 | 2% Низкий | около 3 лет назад |
 | CVE-2022-35653 A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. | CVSS3: 6.1 | 77% Высокий | около 3 лет назад |
| CVE-2022-35653 A reflected XSS issue was identified in the LTI module of Moodle. The ... | CVSS3: 6.1 | 77% Высокий | около 3 лет назад |
Уязвимостей на страницу