CVSS: 5.4EPSS: 0%CPEs: 12EXPL: 0CVE-2018-1045
https://notcve.org/view.php?id=CVE-2018-1045
In Moodle 3.x, there is XSS via a calendar event name. En Moodle 3.x, hay XSS mediante un nombre de evento de calendario. • http://www.securityfocus.com/bid/102755 https://moodle.org/mod/forum/discuss.php?d=364384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 2CVE-2018-1042 – Moodle Filepicker 3.5.2 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle, en versiones 3.x, tiene Server Side Request Forgery en el filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF) •