Moodle — система управления образовательными электронными курсами

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

Moodle Cross-site Scripting vulnerability

Moodle Improper Access Control vulnerability

Moodle Cross-site Scripting vulnerability

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability was found Moodle which exists due to insufficient li ...

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability was found Moodle which exists due to insufficient sa ...

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.