Moodle: a system for managing electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,647
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2022-45152 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. | CVSS3: 9.1 | 0% Low | about 3 years ago |
| GHSA-xv72-6pgh-cjj8 Moodle stored-XSS vulnerability in some "social" user profile fields | CVSS3: 5.4 | 0% Low | about 3 years ago |
| GHSA-8v23-w4w5-w83c Cross-Site Request Forgery in Moodle | CVSS3: 5.4 | 0% Low | about 3 years ago |
| GHSA-6gx2-g773-hv9h Moodle reflected cross-site scripting vulnerability in policy tool | CVSS3: 6.1 | 1% Low | about 3 years ago |
| CVE-2022-45151 The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. | CVSS3: 5.4 | 0% Low | about 3 years ago |
| CVE-2022-45151 The stored-XSS vulnerability was discovered in Moodle which exists due ... | CVSS3: 5.4 | 0% Low | about 3 years ago |
| CVE-2022-45150 A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access to potentially sensitive information and modify web pages. | CVSS3: 6.1 | 1% Low | about 3 years ago |
| CVE-2022-45150 A reflected cross-site scripting vulnerability was discovered in Moodl ... | CVSS3: 6.1 | 1% Low | about 3 years ago |
| CVE-2022-45149 A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. | CVSS3: 5.4 | 0% Low | about 3 years ago |
| CVE-2022-45149 A vulnerability was found in Moodle which exists due to insufficient v ... | CVSS3: 5.4 | 0% Low | about 3 years ago |