Количество 2 643
Количество 2 643
GHSA-7mfw-g8x4-rq2w
Moodle XSS Vulnerability
GHSA-7h8v-2v8x-h264
SQL Injection in moodle
GHSA-7ghm-fp7p-qvjq
Moodle XSS Vulnerability
GHSA-7f5w-xxw9-mqgp
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data.
GHSA-7cvw-wrj9-q5fp
Moodle vulnerable to Cross-Site Request Forgery
GHSA-79w6-7hhc-89m9
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.
GHSA-79vx-7whj-rvvr
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
GHSA-79jp-m64f-pgrc
Moodle Cross-site Scripting vulnerability
GHSA-79h5-2hp9-w4p4
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
GHSA-78fm-qhh8-8858
Moodle reflected XSS
GHSA-786g-xv8v-9h93
Moodle Cross-site Scripting vulnerability
GHSA-782m-5wvg-q53x
The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values.
GHSA-77jm-f3vj-xvx2
Moodle vulnerable to Cross-site Scripting
GHSA-774q-wfcp-vc2q
Moodle Email media URL tokens were not checking for user status
GHSA-75c6-xqwr-v2r9
Moodle cross-site scripting (XSS) vulnerability
GHSA-7556-5jcq-72q2
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.
GHSA-74j7-5pxr-x457
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.
GHSA-74gp-j3q6-3x67
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.
GHSA-73q4-xm6m-m55x
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
GHSA-72w2-j52c-7682
Moodle SQL Injection vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-7mfw-g8x4-rq2w Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-7h8v-2v8x-h264 SQL Injection in moodle | CVSS3: 6.5 | 0% Низкий | больше 4 лет назад |
| GHSA-7ghm-fp7p-qvjq Moodle XSS Vulnerability | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-7f5w-xxw9-mqgp A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data. | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
| GHSA-7cvw-wrj9-q5fp Moodle vulnerable to Cross-Site Request Forgery | 0% Низкий | больше 3 лет назад | |
| GHSA-79w6-7hhc-89m9 mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | 0% Низкий | больше 3 лет назад | |
| GHSA-79vx-7whj-rvvr Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 0% Низкий | больше 3 лет назад | |
| GHSA-79jp-m64f-pgrc Moodle Cross-site Scripting vulnerability | CVSS3: 5.4 | 1% Низкий | почти 3 года назад |
| GHSA-79h5-2hp9-w4p4 Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 1% Низкий | больше 3 лет назад | |
| GHSA-78fm-qhh8-8858 Moodle reflected XSS | CVSS3: 6.1 | 4% Низкий | почти 4 года назад |
| GHSA-786g-xv8v-9h93 Moodle Cross-site Scripting vulnerability | CVSS3: 5.4 | 1% Низкий | почти 3 года назад |
| GHSA-782m-5wvg-q53x The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | 0% Низкий | больше 3 лет назад | |
| GHSA-77jm-f3vj-xvx2 Moodle vulnerable to Cross-site Scripting | CVSS3: 6.1 | 1% Низкий | больше 2 лет назад |
| GHSA-774q-wfcp-vc2q Moodle Email media URL tokens were not checking for user status | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-75c6-xqwr-v2r9 Moodle cross-site scripting (XSS) vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-7556-5jcq-72q2 Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. | 1% Низкий | больше 3 лет назад | |
| GHSA-74j7-5pxr-x457 Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | 1% Низкий | больше 3 лет назад | |
| GHSA-74gp-j3q6-3x67 Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | 1% Низкий | больше 3 лет назад | |
| GHSA-73q4-xm6m-m55x course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | 0% Низкий | больше 3 лет назад | |
| GHSA-72w2-j52c-7682 Moodle SQL Injection vulnerability | CVSS3: 8.8 | 0% Низкий | больше 2 лет назад |
Уязвимостей на страницу