Количество 2 541
Количество 2 541
GHSA-x8rw-c396-qjg7
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.
GHSA-x87r-37q5-mmr8
Moodle has CSRF risk in Feedback non-respondents report
GHSA-x7r4-26m9-hmgq
Moodle vulnerable to symlink attack
GHSA-x786-87xq-6mh7
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
GHSA-x6xq-cgc6-h2fq
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role.
GHSA-x6gm-qqwp-76gr
External Control of Assumed-Immutable Web Parameter in moodle
GHSA-x59c-mx27-2m9h
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.
GHSA-x47x-gxp5-7pvg
Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.
GHSA-x3x9-349x-2485
moodle: IDOR in edit/delete RSS feed
GHSA-x3x8-fjw6-hccx
Moodle does not consider "don't send" attributes during hub registration
GHSA-x3rw-6g2v-2x72
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
GHSA-x32v-7qw8-cpq8
Moodle Unauthenticated Access
GHSA-x2p9-f5fv-m7m7
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to
GHSA-x2jp-hh65-4xvf
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
GHSA-x29x-qwvx-fxr2
Moodle BigBlueButton web service leaks meeting joining information
GHSA-wxvp-8q8h-r6rr
Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
GHSA-wxqg-fg7v-mmc6
Moodle Authenticated Spelling Binary Remote Code Execution
GHSA-wxmq-v9gx-75pg
Moodle vulnerable to Cross-site Request Forgery
GHSA-wx87-h539-4775
Moodle Information Disclosure vulnerability
GHSA-wwv7-h477-wrv7
Moodle Stored XSS and blind SSRF possible via SCORM track details
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-x8rw-c396-qjg7 The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. | 0% Низкий | больше 3 лет назад | |
| GHSA-x87r-37q5-mmr8 Moodle has CSRF risk in Feedback non-respondents report | CVSS3: 8.1 | 0% Низкий | 10 месяцев назад |
| GHSA-x7r4-26m9-hmgq Moodle vulnerable to symlink attack | 0% Низкий | больше 3 лет назад | |
| GHSA-x786-87xq-6mh7 Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. | 0% Низкий | больше 3 лет назад | |
| GHSA-x6xq-cgc6-h2fq mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role. | 0% Низкий | больше 3 лет назад | |
| GHSA-x6gm-qqwp-76gr External Control of Assumed-Immutable Web Parameter in moodle | CVSS3: 5.3 | 1% Низкий | больше 3 лет назад |
| GHSA-x59c-mx27-2m9h Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-x47x-gxp5-7pvg Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task. | 0% Низкий | больше 3 лет назад | |
| GHSA-x3x9-349x-2485 moodle: IDOR in edit/delete RSS feed | CVSS3: 6.5 | 0% Низкий | 10 месяцев назад |
| GHSA-x3x8-fjw6-hccx Moodle does not consider "don't send" attributes during hub registration | 0% Низкий | больше 3 лет назад | |
| GHSA-x3rw-6g2v-2x72 Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. | 1% Низкий | больше 3 лет назад | |
| GHSA-x32v-7qw8-cpq8 Moodle Unauthenticated Access | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-x2p9-f5fv-m7m7 Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 1% Низкий | больше 3 лет назад | |
| GHSA-x2jp-hh65-4xvf Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle | CVSS3: 5.4 | 1% Низкий | больше 4 лет назад |
| GHSA-x29x-qwvx-fxr2 Moodle BigBlueButton web service leaks meeting joining information | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| GHSA-wxvp-8q8h-r6rr Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory | 0% Низкий | больше 3 лет назад | |
| GHSA-wxqg-fg7v-mmc6 Moodle Authenticated Spelling Binary Remote Code Execution | 65% Средний | больше 3 лет назад | |
| GHSA-wxmq-v9gx-75pg Moodle vulnerable to Cross-site Request Forgery | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
| GHSA-wx87-h539-4775 Moodle Information Disclosure vulnerability | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-wwv7-h477-wrv7 Moodle Stored XSS and blind SSRF possible via SCORM track details | CVSS3: 6.1 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу