Count: 2 643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-5wjh-v7c8-wrhx Moodle stored Cross-site Scripting | CVSS3: 5.4 | 1% Low | almost 4 years ago |
| GHSA-5wg9-5w3f-hxmh Moodle Users could elevate their role when accessing the LTI tool on a provider site | CVSS3: 8.8 | 0% Low | more than 3 years ago |
| GHSA-5w4h-xrr5-7273 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-5rr5-fxhc-jv64 Moodle allows attackers to modify the visibility of a badge | | 0% Low | more than 3 years ago |
| GHSA-5r85-6h7f-rg3r Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block | CVSS3: 5.3 | 0% Low | 10 months ago |
| GHSA-5p2x-8427-9fgp Moodle Improper Access Control vulnerability | CVSS3: 6.5 | 0% Low | almost 2 years ago |
| GHSA-5jph-mvfm-r27p Moodle cross-site request forgery (CSRF) vulnerability | | 0% Low | more than 3 years ago |
| GHSA-5hc2-8542-698w CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | | 0% Low | more than 3 years ago |
| GHSA-5h49-4p8x-9pc2 Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | | 0% Low | more than 3 years ago |
| GHSA-5fgv-cvr8-xg48 Moodle vulnerable to Cross-site Scripting | | 0% Low | more than 3 years ago |
| GHSA-59w4-qq7r-6mf4 The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. | | 0% Low | more than 3 years ago |
| GHSA-59j6-8g7w-prf7 Moodle exposes hidden grades to students | | 0% Low | more than 3 years ago |
| GHSA-595j-wpfg-23w4 Moodle XSS Vulnerability | CVSS3: 5.4 | 0% Low | more than 3 years ago |
| GHSA-594q-rvf2-x42j Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | | 0% Low | more than 3 years ago |
| GHSA-58r8-934v-x9pp Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. | | 0% Low | more than 3 years ago |
| GHSA-58fm-v4pr-jh8p Moodle Unrestricted file upload vulnerability | CVSS3: 8.8 | 3% Low | more than 3 years ago |
| GHSA-57p3-67r2-vwm7 A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA). | CVSS3: 7.1 | 0% Low | 8 months ago |
| GHSA-5729-822w-j342 Moodle cross-site scripting (XSS) vulnerability | CVSS3: 5.4 | 0% Low | more than 3 years ago |
| GHSA-56r9-72vx-q989 Moodle arbitrary file read vulnerability | CVSS3: 6.5 | 0% Low | more than 2 years ago |
| GHSA-565r-cwvm-gv9r mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. | | 0% Low | more than 3 years ago |