Count: 2,470
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-g9qp-5vrr-hh2c In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | CVSS3: 7.5 | 0% Low | almost 3 years ago |
GHSA-g9m2-c2x5-fr2v Moodle does not revoke role capabilities correctly | CVSS3: 5.4 | 0% Low | about 3 years ago |
GHSA-g9hp-48jv-xq85 Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php. | | 1% Low | about 3 years ago |
GHSA-g96h-wvrm-c2ww Moodle Improper Access Control | CVSS3: 6.5 | 0% Low | about 3 years ago |
GHSA-g8r3-2v89-j6r5 Moodle IDOR when accessing list of badge recipients | | 0% Low | 7 months ago |
GHSA-g6h6-4fp6-w33w Moodle vulnerable to Stored Cross-site Scripting | CVSS3: 4.8 | 0% Low | more than 2 years ago |
GHSA-g6cp-x8gq-65wc Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. | | 0% Low | about 3 years ago |
GHSA-g632-g52c-3j8c Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter. | | 0% Low | about 3 years ago |
GHSA-g5p6-83fw-2xvf lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. | | 0% Low | about 3 years ago |
GHSA-g5m5-j48g-fr24 Moodle Cross Site Scripting (XSS) | CVSS3: 5.4 | 0% Low | about 3 years ago |
GHSA-g58x-p3pj-rg52 Moodle Glossary search displays entries without checking user permissions to view them | CVSS3: 5.3 | 0% Low | about 3 years ago |
GHSA-g4wf-f588-7xc7 mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization. | CVSS3: 4.3 | 0% Low | about 3 years ago |
GHSA-fwfj-8p36-rc64 Moodle vulnerable to Cross-site Scripting | CVSS3: 6.1 | 1% Low | almost 2 years ago |
GHSA-frr2-fxm8-76rw The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | | 0% Low | about 3 years ago |
GHSA-frhc-9hwc-x7j3 Moodle allows attackers to obtain sensitive information | | 0% Low | about 3 years ago |
GHSA-fr9m-pjmm-qx9f Moodle allows attackers to obtain sensitive calendar-event information | | 0% Low | about 3 years ago |
GHSA-fqrg-vmvj-jv3x Moodle allows attackers to obtain full-name information | | 0% Low | about 3 years ago |
GHSA-fq3r-xmqf-p5w7 ** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not." | CVSS3: 5.4 | 0% Low | more than 1 year ago |
GHSA-fp4h-j22r-vwcv Moodle allows attackers to obtain sensitive course information | | 0% Low | about 3 years ago |
GHSA-fmq9-58q4-xjw5 Moodle allows attackers to discover hidden course names | CVSS3: 4.3 | 0% Low | about 3 years ago |