Количество 2 643
Количество 2 643
GHSA-5659-g9p4-354f
Moodle allows attackers to bypass a forced-password-change requirement
GHSA-557f-2hv4-7jjm
Moodle does not verify group permissions
GHSA-54r2-r67g-fr9m
Moodle User fullname disclosure on user preferences page
GHSA-5488-2xmq-hwfh
Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.
GHSA-5282-96ff-xx3h
Moodle sensitive information disclosure
GHSA-4xjc-8h53-m2ww
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role.
GHSA-4wvg-7886-83gv
Moodle cross-site request forgery (CSRF) vulnerability
GHSA-4w8m-96v9-2c86
Moodle CRLF Injection Vulnerability in Calendar Component
GHSA-4w4j-9533-82qg
Moodle Cross-site Scripting (XSS)
GHSA-4w32-c9g7-27qx
Moodle allows reflected XSS via question bank filter
GHSA-4vfx-5fp5-jh6f
Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
GHSA-4rmj-w58m-fvch
Moodle vulnerable to Server-Side Request Forgery
GHSA-4r9p-m9h5-r8vm
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.
GHSA-4r4x-49qh-hfgv
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
GHSA-4r2p-wpv5-683w
Moodle XSS Vulnerability
GHSA-4qxc-qxrp-33cw
Moodle denial-of-service risk in the draft files area
GHSA-4qww-rxq6-x7gf
Moodle broken access control when setting calendar event type
GHSA-4pv6-rw85-g6wg
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response.
GHSA-4ppg-2mx6-fqx9
Moodle allows attackers to bypass intended login restrictions
GHSA-4m6v-x9fj-847j
Moodle Cross-site Scripting in the Course summary filter of the Add a new course
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-5659-g9p4-354f Moodle allows attackers to bypass a forced-password-change requirement | 0% Низкий | больше 3 лет назад | |
| GHSA-557f-2hv4-7jjm Moodle does not verify group permissions | 0% Низкий | больше 3 лет назад | |
| GHSA-54r2-r67g-fr9m Moodle User fullname disclosure on user preferences page | CVSS3: 6.5 | 0% Низкий | больше 3 лет назад |
| GHSA-5488-2xmq-hwfh Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files. | 0% Низкий | больше 3 лет назад | |
| GHSA-5282-96ff-xx3h Moodle sensitive information disclosure | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-4xjc-8h53-m2ww calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role. | 0% Низкий | больше 3 лет назад | |
| GHSA-4wvg-7886-83gv Moodle cross-site request forgery (CSRF) vulnerability | 0% Низкий | больше 3 лет назад | |
| GHSA-4w8m-96v9-2c86 Moodle CRLF Injection Vulnerability in Calendar Component | 0% Низкий | больше 3 лет назад | |
| GHSA-4w4j-9533-82qg Moodle Cross-site Scripting (XSS) | CVSS3: 6.1 | 0% Низкий | больше 3 лет назад |
| GHSA-4w32-c9g7-27qx Moodle allows reflected XSS via question bank filter | CVSS3: 8.3 | 0% Низкий | 10 месяцев назад |
| GHSA-4vfx-5fp5-jh6f Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | 1% Низкий | больше 3 лет назад | |
| GHSA-4rmj-w58m-fvch Moodle vulnerable to Server-Side Request Forgery | CVSS3: 7.5 | 1% Низкий | почти 3 года назад |
| GHSA-4r9p-m9h5-r8vm Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | 0% Низкий | больше 3 лет назад | |
| GHSA-4r4x-49qh-hfgv Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | 0% Низкий | больше 3 лет назад | |
| GHSA-4r2p-wpv5-683w Moodle XSS Vulnerability | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
| GHSA-4qxc-qxrp-33cw Moodle denial-of-service risk in the draft files area | CVSS3: 7.5 | 1% Низкий | почти 4 года назад |
| GHSA-4qww-rxq6-x7gf Moodle broken access control when setting calendar event type | CVSS3: 6.2 | 0% Низкий | больше 1 года назад |
| GHSA-4pv6-rw85-g6wg theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response. | 0% Низкий | больше 3 лет назад | |
| GHSA-4ppg-2mx6-fqx9 Moodle allows attackers to bypass intended login restrictions | 0% Низкий | больше 3 лет назад | |
| GHSA-4m6v-x9fj-847j Moodle Cross-site Scripting in the Course summary filter of the Add a new course | CVSS3: 5.4 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу