Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The ...
CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitizatio ...
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs ...
CVE-2022-35650
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
CVE-2022-35650
The vulnerability was found in Moodle, occurs due to input validation ...
CVE-2022-35649
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
CVE-2022-35649
The vulnerability was found in Moodle, occurs due to improper input va ...
CVE-2022-35650
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2022-35653 A reflected XSS issue was identified in the LTI module of Moodle. The ... | CVSS3: 6.1 | 82% Высокий | больше 3 лет назад |
 | CVE-2022-35652 An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| CVE-2022-35652 An open redirect issue was found in Moodle due to improper sanitizatio ... | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| CVE-2022-35651 A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| CVE-2022-35651 A stored XSS and blind SSRF vulnerability was found in Moodle, occurs ... | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | CVSS3: 7.5 | 2% Низкий | больше 3 лет назад |
| CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation ... | CVSS3: 7.5 | 2% Низкий | больше 3 лет назад |
| CVE-2022-35649 The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. | CVSS3: 9.8 | 7% Низкий | больше 3 лет назад |
| CVE-2022-35649 The vulnerability was found in Moodle, occurs due to improper input va ... | CVSS3: 9.8 | 7% Низкий | больше 3 лет назад |
 | CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default. | CVSS3: 7.5 | 2% Низкий | больше 3 лет назад |
Уязвимостей на страницу