Exposición de Moodle
LMS70
score de exposición
13.690
sitios usan
0
en explotación
7
críticos
CVEs
292 resultadosCVE-2024-38274MEDIUMmoodle: stored XSS via calendar's event title when deleting the eventEPSS 0.4%CVE-2025-67848HIGHMoodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized access.EPSS 0.4%CVE-2024-33996MEDIUMmoodle: broken access control when setting calendar event typeEPSS 0.4%CVE-2024-33998MEDIUMmoodle: stored XSS via user's name on participants page when opening some optionsEPSS 0.4%CVE-2024-48896MEDIUMMoodle: users' names returned in messaging error messageEPSS 0.4%CVE-2021-4399MEDIUMEdwiser Bridge <= 2.0.6 - Cross-Site Request Forgery BypassEPSS 0.4%CVE-2025-67855MEDIUMMooodle: mooodle: information disclosure and script execution via reflected cross-site scriptingEPSS 0.4%CVE-2024-43439MEDIUMMoodle: reflected xss via h5p error messageEPSS 0.4%CVE-2025-3625HIGHMoodle: user dos and name disclosure via idor in moodle mfa email factor revoke actionEPSS 0.4%CVE-2024-34003MEDIUMmoodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_workshop backupEPSS 0.4%CVE-2024-45690HIGHMoodle: idor when deleting oauth2 linked accountsEPSS 0.4%CVE-2024-34006MEDIUMmoodle: unsanitized HTML in site log for config_log_createdEPSS 0.4%CVE-2024-45689MEDIUMMoodle: unprotected access to sensitive information via dynamic tablesEPSS 0.3%CVE-2025-67857MEDIUMMoodle: moodle: data exposure of user identifiers in urlsEPSS 0.3%CVE-2024-48900MEDIUMMoodle: idor when accessing list of badge recipientsEPSS 0.3%CVE-2024-43437MEDIUMMoodle: xss risk when restoring malicious course backup fileEPSS 0.3%CVE-2025-32044HIGHMoodle: unauthenticated rest api user data exposureEPSS 0.3%CVE-2024-43435MEDIUMMoodle: can create global glossary without being adminEPSS 0.3%CVE-2025-26527MEDIUMNon-searchable tags can still be discovered on the tag search page and in the tags blockEPSS 0.3%CVE-2025-26530HIGHReflected XSS via question bank filterEPSS 0.3%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →