Page 12 of 124 results (0.007 seconds)

CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0

In Moodle 3.x, there is XSS via a calendar event name. En Moodle 3.x, hay XSS mediante un nombre de evento de calendario. • http://www.securityfocus.com/bid/102755 https://moodle.org/mod/forum/discuss.php?d=364384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 2

Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle, en versiones 3.x, tiene Server Side Request Forgery en el filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. En las versiones 3.x de Moodle, los estudiantes pueden averiguar las direcciones de correo electrónico de otros estudiantes en el mismo curso. Empleando la búsqueda en la página Participants, los estudiantes podrían buscar las direcciones de correo electrónico de todos los participantes, independientemente de la visibilidad del correo electrónico. • http://www.securityfocus.com/bid/101909 https://moodle.org/mod/forum/discuss.php?d=361784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 53EXPL: 0

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. En Moodle 2.x y 3.x, usuarios autenticados remotos pueden hacerse dueños de blogs arbitrarios mediante la edición de un enlace de blog externo. • https://moodle.org/mod/forum/discuss.php?d=352353 • CWE-269: Improper Privilege Management •

CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 0

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. En Moodle 2.x y 3.x, la búsqueda de blogs arbitrarios es posible debido a la falta de una comprobación de capacidades. • https://moodle.org/mod/forum/discuss.php?d=352354 • CWE-668: Exposure of Resource to Wrong Sphere •