Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
GHSA-2hw8-qj3h-c7pq
badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter.
GHSA-wjh9-wgjp-jmj6
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
GHSA-9ww8-j8j2-3788
YUI Cross-site Scripting (XSS) vulnerability
GHSA-475h-wv64-r896
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.
GHSA-x5hj-47vv-53p8
YUI Cross-site Scripting (XSS) vulnerability
GHSA-64r3-582j-frqm
YUI Cross-site Scripting (XSS) vulnerability
GHSA-782m-5wvg-q53x
The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values.
GHSA-cxp8-jjf5-6whc
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question.
GHSA-vm9c-39jx-q45w
Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
GHSA-9r38-f9p6-3f7p
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-2hw8-qj3h-c7pq badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid parameter. | 1% Низкий | больше 3 лет назад | |
| GHSA-wjh9-wgjp-jmj6 report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | 0% Низкий | больше 3 лет назад | |
| GHSA-9ww8-j8j2-3788 YUI Cross-site Scripting (XSS) vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-475h-wv64-r896 Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message. | 0% Низкий | больше 3 лет назад | |
| GHSA-x5hj-47vv-53p8 YUI Cross-site Scripting (XSS) vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-64r3-582j-frqm YUI Cross-site Scripting (XSS) vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-782m-5wvg-q53x The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | 0% Низкий | больше 3 лет назад | |
| GHSA-cxp8-jjf5-6whc Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question. | 0% Низкий | больше 3 лет назад | |
| GHSA-vm9c-39jx-q45w Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | 0% Низкий | больше 3 лет назад | |
| GHSA-9r38-f9p6-3f7p rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу