Page 15 of 74 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0

In Moodle 3.x, there is XSS via a calendar event name. En Moodle 3.x, hay XSS mediante un nombre de evento de calendario. • http://www.securityfocus.com/bid/102755 https://moodle.org/mod/forum/discuss.php?d=364384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 2

Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle, en versiones 3.x, tiene Server Side Request Forgery en el filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. En las versiones 3.x de Moodle, los estudiantes pueden averiguar las direcciones de correo electrónico de otros estudiantes en el mismo curso. Empleando la búsqueda en la página Participants, los estudiantes podrían buscar las direcciones de correo electrónico de todos los participantes, independientemente de la visibilidad del correo electrónico. • http://www.securityfocus.com/bid/101909 https://moodle.org/mod/forum/discuss.php?d=361784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 43EXPL: 0

Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. Moodle 3.x tiene una vulnerabilidad de Cross-Site Scripting (XSS) en el formulario de contacto en la página "non-respondents" en feedback público. • http://www.securityfocus.com/bid/100867 https://moodle.org/mod/forum/discuss.php?d=358585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •