Count: 2 470
Vulnerability | CVSS | EPSS | Published | |
---|---|---|---|---|
GHSA-gwf6-q6c2-94p3 Moodle ReCAPTCHA can be bypassed on the login page | CVSS3: 7.5 | 0% Low | about 1 year ago | |
GHSA-gw95-48xq-gqf9 Moodle sensitive information disclosure | CVSS3: 4.3 | 0% Low | about 3 years ago | |
GHSA-gw89-x73p-wccw webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. | | 0% Low | about 3 years ago | |
GHSA-gv8f-43pg-c5qw Moodle Improper Input Validation vulnerability | CVSS3: 5.3 | 0% Low | more than 2 years ago | |
GHSA-grvw-qq2j-r898 Moodle multiple cross-site scripting (XSS) vulnerabilities | CVSS3: 5.4 | 0% Low | about 3 years ago | |
GHSA-grmj-gpwm-98ww Moodle Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Low | more than 2 years ago | |
GHSA-grj4-g57c-9xmv Moodle Bypass email verification secret when confirming account registration | CVSS3: 5.3 | 0% Low | about 3 years ago | |
GHSA-gr8w-hm62-xw58 Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. | | 0% Low | about 3 years ago | |
GHSA-gr8j-qm8r-rfgg Moodle Improper Access Control | CVSS3: 4.3 | 0% Low | about 3 years ago | |
GHSA-gr5q-9q5x-fx8h SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | | 0% Low | about 3 years ago | |
GHSA-gqrp-qhv8-phrv Moodle Cross-site Scripting | CVSS3: 6.1 | 1% Low | about 3 years ago | |
GHSA-gq9f-8rj4-w7jc Moodle CSRF risk in admin preset tool management of presets | CVSS3: 8.4 | 0% Low | about 1 year ago | |
GHSA-gphj-63h8-r9vq Moodle directory traversal vulnerability | | 1% Low | about 3 years ago | |
GHSA-gp4w-f57r-9rx3 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Low | more than 2 years ago | |
GHSA-gmx9-p92v-48wf Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | | 1% Low | about 3 years ago | |
GHSA-gmhr-6f43-7qpj Moodle does not properly implement group-based access restrictions | CVSS3: 4.3 | 0% Low | about 3 years ago | |
GHSA-gj2j-ppjq-9pjg Moodle Cross-site scripting (XSS) vulnerability in course management search | CVSS3: 6.1 | 1% Low | about 3 years ago | |
GHSA-ghqg-3wq5-437q Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | | 0% Low | about 3 years ago | |
GHSA-gfh4-f3wf-9223 Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. | | 0% Low | about 3 years ago | |
GHSA-gccq-w3xv-4gqh Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt. | | 0% Low | about 3 years ago | |