Moodle is a system for managing online educational courses
Release cycle, vulnerability information
Release schedule
Count: 2,647
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2020-1691 In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | CVSS3: 5.4 | 1% Low | more than 3 years ago |
| CVE-2020-1691 In Moodle 3.8, messages required extra sanitizing before updating the ... | CVSS3: 5.4 | 1% Low | more than 3 years ago |
| CVE-2020-1754 In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| CVE-2020-1691 In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | CVSS3: 5.4 | 1% Low | more than 3 years ago |
| GHSA-62wh-m4jr-233r Moodle LTI module reflected XSS risk | CVSS3: 6.1 | 82% High | more than 3 years ago |
| GHSA-wwv7-h477-wrv7 Moodle Stored XSS and blind SSRF possible via SCORM track details | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-xp2f-9mx3-3c6p Moodle PostScript Code Injection | CVSS3: 9.8 | 7% Low | more than 3 years ago |
| GHSA-pgm5-cr62-prxq Moodle Arbitrary file read when importing lesson questions | CVSS3: 7.5 | 2% Low | more than 3 years ago |
| GHSA-243v-5pff-qqfj Moodle Open redirect risk in mobile auto-login feature | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| CVE-2022-35653 A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. | CVSS3: 6.1 | 82% High | more than 3 years ago |