Count: 2 469
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-x8rw-c396-qjg7 The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. |  | 0% Low | about 3 years ago |
GHSA-x87r-37q5-mmr8 Moodle has CSRF risk in Feedback non-respondents report | CVSS3: 8.1 | 0% Low | 7 months ago |
GHSA-x7r4-26m9-hmgq Moodle vulnerable to symlink attack |  | 0% Low | about 3 years ago |
GHSA-x786-87xq-6mh7 Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. |  | 0% Low | about 3 years ago |
GHSA-x6xq-cgc6-h2fq mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role. |  | 0% Low | about 3 years ago |
GHSA-x6gm-qqwp-76gr External Control of Assumed-Immutable Web Parameter in moodle | CVSS3: 5.3 | 0% Low | about 3 years ago |
GHSA-x59c-mx27-2m9h Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors. |  | 0% Low | about 3 years ago |
GHSA-x47x-gxp5-7pvg Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task. |  | 0% Low | about 3 years ago |
GHSA-x3x9-349x-2485 moodle: IDOR in edit/delete RSS feed | CVSS3: 6.5 | 0% Low | 7 months ago |
GHSA-x3x8-fjw6-hccx Moodle does not consider "don't send" attributes during hub registration |  | 0% Low | about 3 years ago |
GHSA-x3rw-6g2v-2x72 Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. |  | 1% Low | about 3 years ago |
GHSA-x32v-7qw8-cpq8 Moodle Unauthenticated Access | CVSS3: 5.3 | 0% Low | about 3 years ago |
GHSA-x2p9-f5fv-m7m7 Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to |  | 1% Low | about 3 years ago |
GHSA-x2jp-hh65-4xvf Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle | CVSS3: 5.4 | 1% Low | about 4 years ago |
GHSA-wxvp-8q8h-r6rr Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory |  | 1% Low | about 3 years ago |
GHSA-wxqg-fg7v-mmc6 Moodle Authenticated Spelling Binary Remote Code Execution |  | 64% Medium | about 3 years ago |
GHSA-wxmq-v9gx-75pg Moodle vulnerable to Cross-site Request Forgery | CVSS3: 8.8 | 0% Low | about 2 years ago |
GHSA-wx87-h539-4775 Moodle Information Disclosure vulnerability | CVSS3: 5.3 | 0% Low | more than 3 years ago |
GHSA-wwv7-h477-wrv7 Moodle Stored XSS and blind SSRF possible via SCORM track details | CVSS3: 6.1 | 0% Low | almost 3 years ago |
GHSA-wwrq-jww7-39jq Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. |  | 1% Low | about 3 years ago |