Page 12 of 533 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 5EXPL: 0

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. La vulnerabilidad XSS almacenada se descubrió en Moodle y existe debido a una sanitización insuficiente de los datos proporcionados por el usuario en varios campos de perfil de usuario "social". Un atacante podría inyectar y ejecutar código HTML y script arbitrario en el navegador del usuario en el contexto de un sitio web vulnerable. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76131 https://bugzilla.redhat.com/show_bug.cgi?id=2142774 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB https://moodle.org/mod/foru • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. Se descubrió una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en Moodle. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76091 https://bugzilla.redhat.com/show_bug.cgi?id=2142773 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB https://moodle.org/mod/foru • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0

Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. Habilitando y deshabilitando las bibliotecas H5P instaladas no incluía el token necesario para prevenir un riesgo de tipo CSRF • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75326 https://bugzilla.redhat.com/show_bug.cgi?id=2121360 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. El informe de intentos de actividad de H5P no filtró por grupos, lo que en el modo de grupos separados podría revelar información a profesores no editores sobre intentos/usuarios en grupos a los que no deberían tener acceso • https://bugzilla.redhat.com/show_bug.cgi?id=2128151 https://moodle.org/mod/forum/discuss.php?d=438395 • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

A limited SQL injection risk was identified in the "browse list of users" site administration page. Se ha identificado un riesgo limitado de inyección SQL en la página de administración del sitio "browse list of users" • https://bugzilla.redhat.com/show_bug.cgi?id=2128150 https://moodle.org/mod/forum/discuss.php?d=438394 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •