Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 499
GHSA-gj2j-ppjq-9pjg
Moodle Cross-site scripting (XSS) vulnerability in course management search
GHSA-mj85-3hqq-r6r9
Moodle Reflected XSS in mod_data advanced search
GHSA-wxqg-fg7v-mmc6
Moodle Authenticated Spelling Binary Remote Code Execution
GHSA-45rw-4r25-jvg7
Moodle Logged in users could view all calendar events
GHSA-qrcj-6fjw-3h9h
Moodle XSS Vulnerability
GHSA-wm4w-8vc6-2j4h
Moodle XSS Vulnerability
GHSA-8wf8-rc66-c638
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
GHSA-7w7p-v23v-56qr
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
GHSA-6w97-x9wf-g8mv
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing.
GHSA-79vx-7whj-rvvr
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-gj2j-ppjq-9pjg Moodle Cross-site scripting (XSS) vulnerability in course management search | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-mj85-3hqq-r6r9 Moodle Reflected XSS in mod_data advanced search | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-wxqg-fg7v-mmc6 Moodle Authenticated Spelling Binary Remote Code Execution | 64% Средний | больше 3 лет назад | |
| GHSA-45rw-4r25-jvg7 Moodle Logged in users could view all calendar events | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-qrcj-6fjw-3h9h Moodle XSS Vulnerability | CVSS3: 4.8 | 1% Низкий | больше 3 лет назад |
| GHSA-wm4w-8vc6-2j4h Moodle XSS Vulnerability | CVSS3: 5.3 | 10% Низкий | больше 3 лет назад |
| GHSA-8wf8-rc66-c638 Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed. | 13% Средний | больше 3 лет назад | |
| GHSA-7w7p-v23v-56qr SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | 1% Низкий | больше 3 лет назад | |
| GHSA-6w97-x9wf-g8mv login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | 1% Низкий | больше 3 лет назад | |
| GHSA-79vx-7whj-rvvr Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу