Count: 2 470
Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
GHSA-782m-5wvg-q53x The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | | 0% Low | about 3 years ago |
GHSA-77jm-f3vj-xvx2 Moodle vulnerable to Cross-site Scripting | CVSS3: 6.1 | 1% Low | about 2 years ago |
GHSA-774q-wfcp-vc2q Moodle Email media URL tokens were not checking for user status | CVSS3: 5.3 | 0% Low | about 3 years ago |
GHSA-75c6-xqwr-v2r9 Moodle cross-site scripting (XSS) vulnerability | | 0% Low | about 3 years ago |
GHSA-7556-5jcq-72q2 Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. | | 1% Low | about 3 years ago |
GHSA-74j7-5pxr-x457 Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | | 1% Low | about 3 years ago |
GHSA-74gp-j3q6-3x67 Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | | 1% Low | about 3 years ago |
GHSA-73q4-xm6m-m55x course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | | 0% Low | about 3 years ago |
GHSA-72w2-j52c-7682 Moodle SQL Injection vulnerability | CVSS3: 8.8 | 0% Low | about 2 years ago |
GHSA-72gv-qqrp-h9qg Moodle Users Can Bypass Deleted Status | | 0% Low | about 3 years ago |
GHSA-6xqg-f34f-5fjx Moodle vulnerable to Cross-site Scripting | | 0% Low | about 3 years ago |
GHSA-6xpm-q8x9-j3rw Moodle allows attackers to bypass intended access restrictions | CVSS3: 4.3 | 0% Low | about 3 years ago |
GHSA-6xc9-39gx-2ch4 calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object. | | 0% Low | about 3 years ago |
GHSA-6wq9-m5r8-4gq4 message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. | | 0% Low | about 3 years ago |
GHSA-6w97-x9wf-g8mv login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | | 1% Low | about 3 years ago |
GHSA-6vjg-2q57-rgfw Moodle allows attackers to cause a denial of service | | 1% Low | about 3 years ago |
GHSA-6vjf-48fh-vxxj Improper Handling of Parameters in moodle | CVSS3: 5.3 | 0% Low | more than 1 year ago |
GHSA-6rm3-82c3-gjr8 lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | | 0% Low | about 3 years ago |
GHSA-6rgj-rxh3-3g5j login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. | | 0% Low | about 3 years ago |
GHSA-6r7x-6q98-qcqp Moodle does not set the RISK_XSS bit for graders | | 0% Low | about 3 years ago |