Количество 2 541
Количество 2 541
GHSA-v6f4-v8h8-3c87
Moodle Remote Code Execution vulnerability
GHSA-v52c-rjhj-v6hm
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
GHSA-v3wp-35g3-m9mm
Moodle does not consider the moodle/tag:flag capability
GHSA-v33x-q8gh-4x42
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
GHSA-v2rh-5v88-rgvh
Moodle context freezing
GHSA-rvmc-8gmg-ggqr
Moodle Blind SQL injection possible via MNet authentication
GHSA-rv62-6f56-j83w
Moodle Oauth 2 Insufficiently Protects Against Compromise
GHSA-rmq4-phgg-pxp4
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
GHSA-rmfm-w44g-h6m2
Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941.
GHSA-rmcv-83m2-7x23
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.
GHSA-rjh8-w8jg-xwq5
Moodle Exposure of Sensitive Information to an Unauthorized Actor
GHSA-rj5x-jhhc-5x6h
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.
GHSA-rgmc-f85q-83hm
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
GHSA-rg56-94j7-hjx9
Moodle has a SQL injection risk in course search module list filter
GHSA-r9pc-g29w-f86j
Moodle sensitive information disclosure
GHSA-r99q-hmqv-xw8w
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
GHSA-r867-v437-4rrm
Moodle Cross-site request forgery (CSRF) vulnerability
GHSA-r82w-3phg-qvr4
Moodle uses the same key for QR login and auto-login
GHSA-r7cj-2ghq-wj88
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
GHSA-r729-mx2r-j26j
Moodle XSS Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-v6f4-v8h8-3c87 Moodle Remote Code Execution vulnerability | CVSS3: 8.1 | 88% Высокий | 10 месяцев назад |
| GHSA-v52c-rjhj-v6hm Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report. | 0% Низкий | больше 3 лет назад | |
| GHSA-v3wp-35g3-m9mm Moodle does not consider the moodle/tag:flag capability | 0% Низкий | больше 3 лет назад | |
| GHSA-v33x-q8gh-4x42 Moodle multiple cross-site request forgery (CSRF) vulnerabilities | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
| GHSA-v2rh-5v88-rgvh Moodle context freezing | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-rvmc-8gmg-ggqr Moodle Blind SQL injection possible via MNet authentication | CVSS3: 7.2 | 1% Низкий | больше 3 лет назад |
| GHSA-rv62-6f56-j83w Moodle Oauth 2 Insufficiently Protects Against Compromise | CVSS3: 9.1 | 0% Низкий | больше 3 лет назад |
| GHSA-rmq4-phgg-pxp4 Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. | 0% Низкий | больше 3 лет назад | |
| GHSA-rmfm-w44g-h6m2 Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941. | 1% Низкий | больше 3 лет назад | |
| GHSA-rmcv-83m2-7x23 Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. | 1% Низкий | больше 3 лет назад | |
| GHSA-rjh8-w8jg-xwq5 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
| GHSA-rj5x-jhhc-5x6h mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | 1% Низкий | больше 3 лет назад | |
| GHSA-rgmc-f85q-83hm Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | 1% Низкий | больше 3 лет назад | |
| GHSA-rg56-94j7-hjx9 Moodle has a SQL injection risk in course search module list filter | CVSS3: 8.1 | 0% Низкий | 7 месяцев назад |
| GHSA-r9pc-g29w-f86j Moodle sensitive information disclosure | CVSS3: 5.3 | 0% Низкий | больше 3 лет назад |
| GHSA-r99q-hmqv-xw8w Moodle Authenticated LFI risk in some misconfigured shared hosting environments | CVSS3: 6.5 | 0% Низкий | больше 1 года назад |
| GHSA-r867-v437-4rrm Moodle Cross-site request forgery (CSRF) vulnerability | CVSS3: 8.8 | 0% Низкий | больше 3 лет назад |
| GHSA-r82w-3phg-qvr4 Moodle uses the same key for QR login and auto-login | CVSS3: 6.5 | 0% Низкий | около 1 года назад |
| GHSA-r7cj-2ghq-wj88 jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | 8% Низкий | больше 3 лет назад | |
| GHSA-r729-mx2r-j26j Moodle XSS Vulnerability | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу