Moodle: a management system for electronic educational courses
Release cycle, vulnerability information
Release schedule
Count: 2 499
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-9r38-f9p6-3f7p rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | | 0% Low | more than 3 years ago |
GHSA-ch68-5r37-p7c3 Moodle cross-site scripting (XSS) vulnerability | | 0% Low | more than 3 years ago |
GHSA-h46g-v2m5-f7jh mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by reading the HTML source code of a document. | | 0% Low | more than 3 years ago |
GHSA-75c6-xqwr-v2r9 Moodle cross-site scripting (XSS) vulnerability | | 0% Low | more than 3 years ago |
GHSA-pg89-qp74-vch2 mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. | | 0% Low | more than 3 years ago |
GHSA-5rr5-fxhc-jv64 Moodle allows attackers to modify the visibility of a badge | | 0% Low | more than 3 years ago |
GHSA-6p3g-hw27-qh44 Moodle's time-validation implementation allows bypassing intended restrictions | | 0% Low | more than 3 years ago |
GHSA-267j-cwvg-j28c Moodle allows attackers to modify grade metadata | | 0% Low | more than 3 years ago |
GHSA-c3vx-v4x8-x894 Moodle does not check for the moodle/course:viewhiddencourses capability | | 0% Low | more than 3 years ago |
GHSA-h75f-hjcr-cvh8 Moodle multiple cross-site request forgery (CSRF) vulnerabilities | | 0% Low | more than 3 years ago |