Count: 2 643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-gw95-48xq-gqf9 Moodle sensitive information disclosure | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-gw89-x73p-wccw webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. | | 0% Low | more than 3 years ago |
| GHSA-gv8f-43pg-c5qw Moodle Improper Input Validation vulnerability | CVSS3: 5.3 | 0% Low | almost 3 years ago |
| GHSA-grvw-qq2j-r898 Moodle multiple cross-site scripting (XSS) vulnerabilities | CVSS3: 5.4 | 0% Low | more than 3 years ago |
| GHSA-grmj-gpwm-98ww Moodle Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Low | almost 3 years ago |
| GHSA-grj4-g57c-9xmv Moodle Bypass email verification secret when confirming account registration | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-gr8w-hm62-xw58 Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. | | 0% Low | more than 3 years ago |
| GHSA-gr8j-qm8r-rfgg Moodle Improper Access Control | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-gr5q-9q5x-fx8h SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | | 0% Low | more than 3 years ago |
| GHSA-gqrp-qhv8-phrv Moodle Cross-site Scripting | CVSS3: 6.1 | 1% Low | more than 3 years ago |
| GHSA-gq9f-8rj4-w7jc Moodle CSRF risk in admin preset tool management of presets | CVSS3: 8.4 | 0% Low | more than 1 year ago |
| GHSA-gphj-63h8-r9vq Moodle directory traversal vulnerability | | 1% Low | more than 3 years ago |
| GHSA-gp4w-f57r-9rx3 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Low | about 3 years ago |
| GHSA-gmx9-p92v-48wf Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | | 1% Low | more than 3 years ago |
| GHSA-gmhr-6f43-7qpj Moodle does not properly implement group-based access restrictions | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-gj2j-ppjq-9pjg Moodle Cross-site scripting (XSS) vulnerability in course management search | CVSS3: 6.1 | 1% Low | more than 3 years ago |
| GHSA-ghqg-3wq5-437q Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | | 0% Low | more than 3 years ago |
| GHSA-gfh4-f3wf-9223 Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. | | 0% Low | more than 3 years ago |
| GHSA-gccq-w3xv-4gqh Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt. | | 0% Low | more than 3 years ago |
| GHSA-g9qp-5vrr-hh2c In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | CVSS3: 7.5 | 1% Low | more than 3 years ago |