Количество 2 469
Количество 2 469
GHSA-w2pm-fr62-jgv4
Moodle vulnerable to stored Cross-site Scripting
GHSA-w2pj-r8m3-r4jc
Moodle Information Disclosure
GHSA-vxqh-mx28-7ghw
Moodle Portfolio script allows instantiation of class chosen by user
GHSA-vxmv-74rf-vqgp
Moodle Portfolio forum caller class allows a user to download any file
GHSA-vxhx-gmhm-623c
Improper Access Control in moodle
GHSA-vw66-rcjg-qq7g
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
GHSA-vvh5-7v3m-j3mj
Moodle Unsanitized HTML in site log for config_log_created
GHSA-vrpr-2xxx-g444
Moodle Exposure of Sensitive Information to an Unauthorized Actor
GHSA-vrf6-q7qj-69v5
Moodle allows attackers to upload files containing JavaScript
GHSA-vr6v-g96p-cjc3
Moodle vulnerable to RCE
GHSA-vpq5-56jj-vf2m
Moodle admin presets export tool includes some secrets that should not be exported
GHSA-vm9c-39jx-q45w
Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
GHSA-vjxx-54vw-q59f
Moodle SSRF Vulnerability
GHSA-vj5p-fp42-774p
Moodle may display roles to users who don't have access to them
GHSA-vg4g-6rhx-p7rr
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.
GHSA-vcvh-qrpm-8cw7
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
GHSA-v9xq-vh72-chr4
Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script
GHSA-v6f4-v8h8-3c87
Moodle Remote Code Execution vulnerability
GHSA-v52c-rjhj-v6hm
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
GHSA-v3wp-35g3-m9mm
Moodle does not consider the moodle/tag:flag capability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-w2pm-fr62-jgv4 Moodle vulnerable to stored Cross-site Scripting | CVSS3: 5.4 | 0% Низкий | около 2 лет назад |
| GHSA-w2pj-r8m3-r4jc Moodle Information Disclosure | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-vxqh-mx28-7ghw Moodle Portfolio script allows instantiation of class chosen by user | CVSS3: 8.1 | 0% Низкий | около 3 лет назад |
| GHSA-vxmv-74rf-vqgp Moodle Portfolio forum caller class allows a user to download any file | CVSS3: 6.5 | 0% Низкий | около 3 лет назад |
| GHSA-vxhx-gmhm-623c Improper Access Control in moodle | CVSS3: 7.5 | 1% Низкий | около 4 лет назад |
| GHSA-vw66-rcjg-qq7g Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | 0% Низкий | около 3 лет назад | |
| GHSA-vvh5-7v3m-j3mj Moodle Unsanitized HTML in site log for config_log_created | CVSS3: 4.3 | 0% Низкий | около 1 года назад |
| GHSA-vrpr-2xxx-g444 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-vrf6-q7qj-69v5 Moodle allows attackers to upload files containing JavaScript | 0% Низкий | около 3 лет назад | |
| GHSA-vr6v-g96p-cjc3 Moodle vulnerable to RCE | CVSS3: 8.8 | 2% Низкий | около 3 лет назад |
| GHSA-vpq5-56jj-vf2m Moodle admin presets export tool includes some secrets that should not be exported | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
| GHSA-vm9c-39jx-q45w Moodle vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | 0% Низкий | около 3 лет назад | |
| GHSA-vjxx-54vw-q59f Moodle SSRF Vulnerability | CVSS3: 7.5 | 0% Низкий | около 3 лет назад |
| GHSA-vj5p-fp42-774p Moodle may display roles to users who don't have access to them | CVSS3: 4.3 | 0% Низкий | около 2 лет назад |
| GHSA-vg4g-6rhx-p7rr Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | CVSS3: 8.8 | 4% Низкий | около 3 лет назад |
| GHSA-vcvh-qrpm-8cw7 Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | 1% Низкий | около 3 лет назад | |
| GHSA-v9xq-vh72-chr4 Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script | CVSS3: 5.3 | 1% Низкий | около 3 лет назад |
| GHSA-v6f4-v8h8-3c87 Moodle Remote Code Execution vulnerability | CVSS3: 8.1 | 89% Высокий | 7 месяцев назад |
| GHSA-v52c-rjhj-v6hm Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report. | 0% Низкий | около 3 лет назад | |
| GHSA-v3wp-35g3-m9mm Moodle does not consider the moodle/tag:flag capability | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу