Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
GHSA-86v9-gqh9-8268
Moodle vulnerable to Cross-site Scripting
GHSA-hhxf-w8hj-43w6
Moodle vulnerable to Cross-site Scripting
GHSA-37mm-gc69-pw8r
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
GHSA-j5rc-cr5w-vfg6
Moodle Session Fixation vulnerability
GHSA-966m-m549-2878
Moodle is vulnerable to unauthorized new accounts creation
GHSA-5fgv-cvr8-xg48
Moodle vulnerable to Cross-site Scripting
GHSA-q53j-c866-h9mw
Moodle doesn't properly check role
GHSA-7cvw-wrj9-q5fp
Moodle vulnerable to Cross-Site Request Forgery
GHSA-r4vq-7rgp-99hx
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.
GHSA-7xv5-m4rh-f939
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-86v9-gqh9-8268 Moodle vulnerable to Cross-site Scripting | 0% Низкий | больше 3 лет назад | |
| GHSA-hhxf-w8hj-43w6 Moodle vulnerable to Cross-site Scripting | 0% Низкий | больше 3 лет назад | |
| GHSA-37mm-gc69-pw8r Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). | 1% Низкий | больше 3 лет назад | |
| GHSA-j5rc-cr5w-vfg6 Moodle Session Fixation vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-966m-m549-2878 Moodle is vulnerable to unauthorized new accounts creation | 0% Низкий | больше 3 лет назад | |
| GHSA-5fgv-cvr8-xg48 Moodle vulnerable to Cross-site Scripting | 0% Низкий | больше 3 лет назад | |
| GHSA-q53j-c866-h9mw Moodle doesn't properly check role | 0% Низкий | больше 3 лет назад | |
| GHSA-7cvw-wrj9-q5fp Moodle vulnerable to Cross-Site Request Forgery | 0% Низкий | больше 3 лет назад | |
| GHSA-r4vq-7rgp-99hx mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | 0% Низкий | больше 3 лет назад | |
| GHSA-7xv5-m4rh-f939 Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу