Moodle is a management system for electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2 647
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2021-40692 | Insufficient capability checks made it possible for teachers to downlo ... | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| CVE-2021-40691 | A session hijack risk was identified in the Shibboleth authentication plugin. | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| CVE-2021-40691 | A session hijack risk was identified in the Shibboleth authentication ... | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| CVE-2021-40691 | A session hijack risk was identified in the Shibboleth authentication plugin. | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| CVE-2021-40694 | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | CVSS3: 4.9 | 0% (Low) | more than 3 years ago |
| CVE-2021-40692 | Insufficient capability checks made it possible for teachers to download users outside of their courses. | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| CVE-2021-40695 | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | CVSS3: 4.3 | 0% (Low) | more than 3 years ago |
| CVE-2021-40693 | An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | CVSS3: 6.5 | 0% (Low) | more than 3 years ago |
| GHSA-fm6m-fg23-67jq | Moodle Cross-site Scripting vulnerability | CVSS3: 5.4 | 0% (Low) | more than 3 years ago |
| CVE-2021-36568 | In certain Moodle products after creating a course, it is possible to add in an arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored (XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | CVSS3: 5.4 | 0% (Low) | more than 3 years ago |