Count: 2 643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-9x63-m3cc-qf3g Moodle Unauthorized searching of arbitrary blogs by typing full url | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-9vc3-vm42-fjhm Moodle's mod_data edit/delete pages pass CSRF token in GET parameter | CVSS3: 3.1 | 0% Low | 8 months ago |
| GHSA-9v64-447r-wch6 Moodle Temporary Passwords are Brute Force-able | | 1% Low | more than 3 years ago |
| GHSA-9v3m-3w47-83fq blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. | | 0% Low | more than 3 years ago |
| GHSA-9r7q-rgxm-f2hm A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which could result in script injection in some templates. This affects versions 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions. | | 0% Low | more than 3 years ago |
| GHSA-9r38-f9p6-3f7p rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | | 0% Low | more than 3 years ago |
| GHSA-9r26-5w88-qhp9 Authorization Bypass in moodle | CVSS3: 5.3 | 0% Low | almost 2 years ago |
| GHSA-9qm6-cmrx-3j39 Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. | | 0% Low | more than 3 years ago |
| GHSA-9qgq-93c7-9hm4 Moodle stored Cross-site Scripting (XSS) | CVSS3: 6.1 | 1% Low | more than 1 year ago |
| GHSA-9q29-jcjw-fw7h Moodle Incorrect Authorization vulnerability | CVSS3: 8.8 | 49% Medium | more than 3 years ago |
| GHSA-9p54-pc88-36c4 Moodle does not properly restrict access to category and course data | | 0% Low | more than 3 years ago |
| GHSA-9jf6-wq34-fg9w Moodle XSS Vulnerability | CVSS3: 6.1 | 1% Low | more than 3 years ago |
| GHSA-9gqp-3g28-w9xc Moodle Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Low | about 2 years ago |
| GHSA-9fmw-m4qx-6cq8 Moodle cross-site scripting (XSS) vulnerability | | 0% Low | more than 3 years ago |
| GHSA-9fh3-hj27-mwr8 The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | | 0% Low | more than 3 years ago |
| GHSA-9f45-9qrw-pp4v Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional | CVSS3: 6.1 | 1% Low | more than 2 years ago |
| GHSA-9cg4-4f87-jhm3 Moodle XSS in attachments to evidence of prior learning | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-99w2-c54x-whrx Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | | 0% Low | more than 3 years ago |
| GHSA-995f-r3qg-j3mx A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect. | CVSS3: 6.1 | 0% Low | more than 3 years ago |
| GHSA-98mf-mqw9-9q8q Moodle Global search displays user names for unauthenticated users | CVSS3: 5.3 | 1% Low | more than 3 years ago |