Moodle exposure
LMS
Exposure score: 70
Sites using it: 13,690
Being exploited: 0
Critical: 7
CVEs
292 results
CVE-2021-20283 (EPSS 1.1%): The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that
CVE-2017-12156 (EPSS 1.1%): Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
CVE-2018-1136 (EPSS 1.1%): An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is no
CVE-2019-10134 (MEDIUM, EPSS 1.1%): A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly
CVE-2017-2645 (EPSS 1.1%): In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
CVE-2017-2644 (EPSS 1.1%): In Moodle 3.x, XSS can occur via evidence of prior learning.
CVE-2021-32476 (EPSS 1.0%): A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3
CVE-2017-7490 (EPSS 1.0%): In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
CVE-2019-3849 (MEDIUM, EPSS 1.0%): A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses o
CVE-2018-1134 (EPSS 1.0%): An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle fil
CVE-2017-2576 (EPSS 1.0%): In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVE-2022-30598 (EPSS 1.0%): A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise ha
CVE-2018-1044 (EPSS 1.0%): In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
CVE-2021-20279 (EPSS 1.0%): The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
CVE-2021-32473 (EPSS 1.0%): It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to
CVE-2020-25628 (EPSS 1.0%): The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7
CVE-2021-43560 (EPSS 1.0%): A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capabili
CVE-2017-12157 (EPSS 1.0%): In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
CVE-2016-7038 (EPSS 1.0%): In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
CVE-2023-23923 (EPSS 1.0%): Moodle: possible to set the preferred "start page" of other users