CVE-2018-1045
https://notcve.org/view.php?id=CVE-2018-1045
In Moodle 3.x, there is XSS via a calendar event name. En Moodle 3.x, hay XSS mediante un nombre de evento de calendario. • http://www.securityfocus.com/bid/102755 https://moodle.org/mod/forum/discuss.php?d=364384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-1042 – Moodle Filepicker 3.5.2 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle, en versiones 3.x, tiene Server Side Request Forgery en el filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2017-15110
https://notcve.org/view.php?id=CVE-2017-15110
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. En las versiones 3.x de Moodle, los estudiantes pueden averiguar las direcciones de correo electrónico de otros estudiantes en el mismo curso. Empleando la búsqueda en la página Participants, los estudiantes podrían buscar las direcciones de correo electrónico de todos los participantes, independientemente de la visibilidad del correo electrónico. • http://www.securityfocus.com/bid/101909 https://moodle.org/mod/forum/discuss.php?d=361784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-12157
https://notcve.org/view.php?id=CVE-2017-12157
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. En Moodle 3.x, varios informes de cursos permiten a los profesores visualizar detalles sobre usuarios en los grupos a los que no pueden acceder. • http://www.securityfocus.com/bid/100848 https://moodle.org/mod/forum/discuss.php?d=358586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-12156
https://notcve.org/view.php?id=CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. Moodle 3.x tiene una vulnerabilidad de Cross-Site Scripting (XSS) en el formulario de contacto en la página "non-respondents" en feedback público. • http://www.securityfocus.com/bid/100867 https://moodle.org/mod/forum/discuss.php?d=358585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •