Количество 2 470
Количество 2 470
GHSA-cx8w-wqgc-mpmh
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
GHSA-cwhp-rqfr-8462
Moodle XSS Vulnerability
GHSA-cw72-69wq-f9f2
Moodle External function mod_assign_save_submission does not check due dates
GHSA-crcq-pw8h-9xwf
Moodle does not provide charset information in HTTP headers
GHSA-cr78-rphw-w73p
Moodle Arbitrary File Read via Backup Functionality
GHSA-cq5f-wv7p-5gfc
Moodle leaks user names
GHSA-cpp3-82c5-xhqm
Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/.
GHSA-cp8m-h777-g4p3
Improper Access Control in moodle
GHSA-cp39-43xr-2wrp
Moodle XSS Vulnerability
GHSA-cm4r-58pj-h2ph
Moodle allows attackers to extract archives to arbitrary directories
GHSA-cjrf-xg77-chpw
Moodle Incorrect sanitation of attributes in forums
GHSA-cj27-r58c-6p6v
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
GHSA-ch68-5r37-p7c3
Moodle cross-site scripting (XSS) vulnerability
GHSA-cfc8-jvc8-5w3f
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.
GHSA-ccwc-3v75-qp35
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
GHSA-cc94-hwj3-rf65
Moodle's login_as feature leaks information from external repositories
GHSA-c9jp-244j-vh78
Moodle cross-site scripting (XSS) vulnerability
GHSA-c9hq-g4q8-w893
Privilage Escalation in moodle
GHSA-c8pm-7v2j-xmww
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
GHSA-c87j-9rrq-h3j8
Moodle allows attackers to trigger the generation of arbitrary messages
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-cx8w-wqgc-mpmh Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. | 0% Низкий | около 3 лет назад | |
| GHSA-cwhp-rqfr-8462 Moodle XSS Vulnerability | CVSS3: 5.4 | 1% Низкий | почти 3 года назад |
| GHSA-cw72-69wq-f9f2 Moodle External function mod_assign_save_submission does not check due dates | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-crcq-pw8h-9xwf Moodle does not provide charset information in HTTP headers | 0% Низкий | около 3 лет назад | |
| GHSA-cr78-rphw-w73p Moodle Arbitrary File Read via Backup Functionality | 0% Низкий | около 3 лет назад | |
| GHSA-cq5f-wv7p-5gfc Moodle leaks user names | CVSS3: 4.3 | 0% Низкий | 7 месяцев назад |
| GHSA-cpp3-82c5-xhqm Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a direct request for session (sess_*) files in moodledata/sessions/. | 3% Низкий | около 3 лет назад | |
| GHSA-cp8m-h777-g4p3 Improper Access Control in moodle | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
| GHSA-cp39-43xr-2wrp Moodle XSS Vulnerability | 1% Низкий | около 3 лет назад | |
| GHSA-cm4r-58pj-h2ph Moodle allows attackers to extract archives to arbitrary directories | 0% Низкий | около 3 лет назад | |
| GHSA-cjrf-xg77-chpw Moodle Incorrect sanitation of attributes in forums | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-cj27-r58c-6p6v Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | 0% Низкий | около 3 лет назад | |
| GHSA-ch68-5r37-p7c3 Moodle cross-site scripting (XSS) vulnerability | 0% Низкий | около 3 лет назад | |
| GHSA-cfc8-jvc8-5w3f SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. | 0% Низкий | около 3 лет назад | |
| GHSA-ccwc-3v75-qp35 Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 2% Низкий | около 3 лет назад | |
| GHSA-cc94-hwj3-rf65 Moodle's login_as feature leaks information from external repositories | 0% Низкий | около 3 лет назад | |
| GHSA-c9jp-244j-vh78 Moodle cross-site scripting (XSS) vulnerability | 1% Низкий | около 3 лет назад | |
| GHSA-c9hq-g4q8-w893 Privilage Escalation in moodle | CVSS3: 5.3 | 0% Низкий | около 4 лет назад |
| GHSA-c8pm-7v2j-xmww The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. | 6% Низкий | около 3 лет назад | |
| GHSA-c87j-9rrq-h3j8 Moodle allows attackers to trigger the generation of arbitrary messages | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу