Количество 4
Количество 4
CVE-2014-7835
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area.
CVE-2014-7835
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area.
CVE-2014-7835
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2. ...
GHSA-vrf6-q7qj-69v5
Moodle allows attackers to upload files containing JavaScript
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2014-7835 webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area. | CVSS2: 2.1 | 0% Низкий | больше 10 лет назад |
 | CVE-2014-7835 webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area. | CVSS2: 2.1 | 0% Низкий | больше 10 лет назад |
| CVE-2014-7835 webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2. ... | CVSS2: 2.1 | 0% Низкий | больше 10 лет назад |
| GHSA-vrf6-q7qj-69v5 Moodle allows attackers to upload files containing JavaScript | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу