Page 13 of 208 results (0.003 seconds)

CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en foros. • http://www.securityfocus.com/bid/95649 https://moodle.org/mod/forum/discuss.php?d=345912 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. En Moodle 2.x y 3.x, el motor de consultas permite acceder a archivos que no deberían estar disponibles. • http://www.securityfocus.com/bid/94441 https://moodle.org/mod/forum/discuss.php?d=343275 • CWE-284: Improper Access Control •

CVSS: 5.8EPSS: 0%CPEs: 27EXPL: 0

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. En Moodle 2.x y 3.x, puede ocurrir inyección de texto en las cabeceras de email, conduciendo potencialmente a salida de spam. • http://www.securityfocus.com/bid/92040 https://moodle.org/mod/forum/discuss.php?d=336698 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0

In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. En Moodle 2.x y 3.x, gestores del sitio no administradores podrían editar accidentalmente los administradores a través de los servicios web. • http://www.securityfocus.com/bid/94457 https://moodle.org/mod/forum/discuss.php?d=343276 • CWE-284: Improper Access Control •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. Vulnerabilidades de XSS en Moodle CMS en o en versiones anteriores a 3.1.2 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de los parámetros s_additionalhtmlhead, s_additionalhtmltopofbody y s_additionalhtmlfooter parameters. • http://www.securityfocus.com/bid/94189 https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •