Exposição de Moodle

LMS

70

score de exposição

13.690

sites usam

0

em exploração

7

críticos

CVEs

292 resultados

CVE-2023-28336—Moodle: teacher can access names of users they do not have permission to accessEPSS 0.7%CVE-2023-1402—Moodle: course participation report shows roles the user should not seeEPSS 0.7%CVE-2021-36395HIGHIn Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.EPSS 0.7%CVE-2022-0334—A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capabiliEPSS 0.7%CVE-2021-20184—It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meantEPSS 0.7%CVE-2021-40691—A session hijack risk was identified in the Shibboleth authentication plugin.EPSS 0.7%CVE-2019-14879MEDIUMA vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment waEPSS 0.7%CVE-2021-32477—The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capabilEPSS 0.7%CVE-2016-8643—In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.EPSS 0.7%CVE-2023-35131MEDIUMMoodle: xss risk on groups pageEPSS 0.7%CVE-2022-45150MEDIUMA reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied EPSS 0.7%CVE-2019-14827—A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contextsEPSS 0.7%CVE-2023-28331MEDIUMMoodle: xss risk when outputting database activity filter dataEPSS 0.7%CVE-2022-45151MEDIUMThe stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "socialEPSS 0.7%CVE-2024-43436HIGHMoodle: site administration sql injection via xmldb editorEPSS 0.6%CVE-2024-43440HIGHMoodle: lfi vulnerability when restoring malformed block backupsEPSS 0.6%CVE-2023-28332—Moodle: algebra filter xss when filter is misconfiguredEPSS 0.6%CVE-2019-14828—A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with thEPSS 0.6%CVE-2021-40692—Insufficient capability checks made it possible for teachers to download users outside of their courses.EPSS 0.6%CVE-2024-43434HIGHMoodle: csrf risk in feedback non-respondents reportEPSS 0.6%

← anteriorpágina 8 / 15próxima →

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →