Count: 2,470

CVE-2023-46858
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVE-2023-35132
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

CVE-2023-28336
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.

CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

CVE-2023-28334
Authenticated users were able to enumerate other users' names via the learning plans page.

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
CVE-2023-46858 Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not." | CVSS3: 5.4 | 0% Low | more than 1 year ago |
CVE-2023-35133 An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | CVSS3: 7.5 | 0% Low | about 2 years ago |
CVE-2023-35132 A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | CVSS3: 6.3 | 0% Low | about 2 years ago |
CVE-2023-35131 Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14. | CVSS3: 6.1 | 1% Low | about 2 years ago |
CVE-2023-28336 Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | CVSS3: 4.3 | 0% Low | more than 2 years ago |
CVE-2023-28335 The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | CVSS3: 8.8 | 0% Low | more than 2 years ago |
CVE-2023-28334 Authenticated users were able to enumerate other users' names via the learning plans page. | CVSS3: 4.3 | 0% Low | more than 2 years ago |