Count: 2,643
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-vcvh-qrpm-8cw7 Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | | 1% Low | more than 3 years ago |
| GHSA-v9xq-vh72-chr4 Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script | CVSS3: 5.3 | 1% Low | more than 3 years ago |
| GHSA-v6f4-v8h8-3c87 Moodle Remote Code Execution vulnerability | CVSS3: 8.1 | 90% Critical | about 1 year ago |
| GHSA-v52c-rjhj-v6hm Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report. | | 0% Low | more than 3 years ago |
| GHSA-v3wp-35g3-m9mm Moodle does not consider the moodle/tag:flag capability | | 0% Low | more than 3 years ago |
| GHSA-v33x-q8gh-4x42 Moodle multiple cross-site request forgery (CSRF) vulnerabilities | CVSS3: 8.8 | 0% Low | more than 3 years ago |
| GHSA-v2rh-5v88-rgvh Moodle context freezing | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-rvmc-8gmg-ggqr Moodle Blind SQL injection possible via MNet authentication | CVSS3: 7.2 | 1% Low | almost 4 years ago |
| GHSA-rv62-6f56-j83w Moodle Oauth 2 Insufficiently Protects Against Compromise | CVSS3: 9.1 | 0% Low | more than 3 years ago |
| GHSA-rmq4-phgg-pxp4 Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. | | 0% Low | more than 3 years ago |
| GHSA-rmfm-w44g-h6m2 Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941. | | 1% Low | more than 3 years ago |
| GHSA-rmcv-83m2-7x23 Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. | | 1% Low | more than 3 years ago |
| GHSA-rjh8-w8jg-xwq5 Moodle Exposure of Sensitive Information to an Unauthorized Actor | CVSS3: 4.3 | 0% Low | more than 3 years ago |
| GHSA-rjcm-7v2p-9265 Moodle course access permissions are not properly checked in course_output_fragment_course_overview | CVSS3: 4.3 | 0% Low | about 2 months ago |
| GHSA-rj5x-jhhc-5x6h mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | | 1% Low | more than 3 years ago |
| GHSA-rgmc-f85q-83hm Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | | 1% Low | more than 3 years ago |
| GHSA-rg56-94j7-hjx9 Moodle has a SQL injection risk in course search module list filter | CVSS3: 8.1 | 0% Low | 10 months ago |
| GHSA-rc65-mhj4-hp4r The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. | CVSS3: 5.3 | 0% Low | about 2 months ago |
| GHSA-r9pc-g29w-f86j Moodle sensitive information disclosure | CVSS3: 5.3 | 0% Low | more than 3 years ago |
| GHSA-r99q-hmqv-xw8w Moodle Authenticated LFI risk in some misconfigured shared hosting environments | CVSS3: 6.5 | 1% Low | more than 1 year ago |