Count: 2,470
Vulnerability | CVSS | EPSS | Published | |
---|---|---|---|---|
GHSA-9qm6-cmrx-3j39 Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. | | 0% Low | about 3 years ago | |
GHSA-9qgq-93c7-9hm4 Moodle stored Cross-site Scripting (XSS) | CVSS3: 6.1 | 0% Low | about 1 year ago | |
GHSA-9q29-jcjw-fw7h Moodle Incorrect Authorization vulnerability | CVSS3: 8.8 | 64% Medium | almost 3 years ago | |
GHSA-9p54-pc88-36c4 Moodle does not properly restrict access to category and course data | | 0% Low | about 3 years ago | |
GHSA-9jf6-wq34-fg9w Moodle XSS Vulnerability | CVSS3: 6.1 | 1% Low | about 3 years ago | |
GHSA-9gqp-3g28-w9xc Moodle Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Low | more than 1 year ago | |
GHSA-9fmw-m4qx-6cq8 Moodle cross-site scripting (XSS) vulnerability | | 0% Low | about 3 years ago | |
GHSA-9fh3-hj27-mwr8 The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | | 0% Low | about 3 years ago | |
GHSA-9f45-9qrw-pp4v Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional | CVSS3: 6.1 | 0% Low | about 2 years ago | |
GHSA-9cg4-4f87-jhm3 Moodle XSS in attachments to evidence of prior learning | CVSS3: 6.1 | 0% Low | about 3 years ago | |
GHSA-99w2-c54x-whrx Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | | 0% Low | about 3 years ago | |
GHSA-995f-r3qg-j3mx A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect. | CVSS3: 6.1 | 0% Low | about 3 years ago | |
GHSA-98mf-mqw9-9q8q Moodle Global search displays user names for unauthenticated users | CVSS3: 5.3 | 1% Low | about 3 years ago | |
GHSA-97qf-pq7x-964m Moodle Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Low | more than 2 years ago | |
GHSA-9724-h8p7-r3jv Moodle Cross-site Scripting vulnerability | CVSS3: 5.4 | 1% Low | more than 1 year ago | |
GHSA-966m-m549-2878 Moodle is vulnerable to unauthorized new accounts creation | | 0% Low | about 3 years ago | |
GHSA-95qp-qwjg-22x9 lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages. | | 0% Low | about 3 years ago | |
GHSA-948f-j464-rfj2 Moodle may allow students to bypass sequential navigation during a quiz attempt | CVSS3: 4.3 | 0% Low | about 2 years ago | |
GHSA-93wh-35r4-6qmw Moodle allowed some users without permission to view other users' full names | CVSS3: 5.3 | 0% Low | about 4 years ago | |
GHSA-93pj-4p65-qmr9 Insufficient user authorization in Moodle | CVSS3: 4.3 | 0% Low | more than 3 years ago | |