Moodle Exposure

LMS
Exposure score: 70
Sites using it: 13,690
Under exploitation: 0
Critical: 7

CVEs

292 results

CVE | Severity | Description | EPSS
CVE-2021-36401 | MEDIUM | In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | 0.5%
CVE-2025-67847 | HIGH | Moodle: moodle: remote code execution via insufficient restore input validation | 0.5%
CVE-2022-40313 | HIGH | Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load | 0.5%
CVE-2021-36402 | MEDIUM | In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | 0.5%
CVE-2021-36403 | MEDIUM | In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may | 0.5%
CVE-2020-1691 | - | In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site script | 0.5%
CVE-2022-0984 | - | Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile f | 0.5%
CVE-2022-0985 | - | Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary m | 0.5%
CVE-2024-43438 | HIGH | Moodle: idor in feedback non-respondents report allows messaging arbitrary site users | 0.5%
CVE-2017-7491 | - | In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview blo | 0.5%
CVE-2021-36399 | MEDIUM | In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | 0.5%
CVE-2021-36398 | MEDIUM | In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | 0.5%
CVE-2023-5544 | MEDIUM | Moodle: stored xss and potential idor risk in wiki comments | 0.5%
CVE-2023-5547 | LOW | Moodle: xss risk when previewing data in course upload tool | 0.5%
CVE-2023-5541 | LOW | Moodle: xss risk when using csv grade import method | 0.5%
CVE-2021-36400 | MEDIUM | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 0.5%
CVE-2024-25982 | MEDIUM | Msa-24-0005: csrf risk in language import utility | 0.5%
CVE-2024-34000 | MEDIUM | moodle: stored XSS in lesson overview report via user ID number | 0.5%
CVE-2025-26529 | HIGH | Stored XSS risk in admin live log | 0.5%
CVE-2020-1755 | - | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote addre | 0.5%
