Page 16 of 86 results (0.030 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Moodle versión 3.10.3, permite a atacantes remotos ejecutar un script web o HTML arbitrario por medio del campo "Description" • https://github.com/langkexiansheng/Images/blob/master/moodle_xss.gif • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. El servicio web responsable de obtener los cursos inscritos de otros usuarios no comprobó que el usuario solicitante tuviera permiso para visualizar esa información en cada curso en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939051 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org/mod/forum/discuss.php?d=419654 • CWE-862: Missing Authorization CWE-863: Incorrect Authorization •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Cuando se crea una cuenta de usuario, era posible verificar la cuenta sin tener acceso al enlace/secreto del correo electrónico de comprobación en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939046 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org/mod/forum/discuss.php?d=419653 • CWE-863: Incorrect Authorization •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Fue posible que algunos usuarios sin permiso para visualizar los nombres completos de otros usuarios lo hicieran por medio del bloque de usuarios en línea en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939041 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org/mod/forum/discuss.php?d=419652 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Las respuestas de retroalimentación basadas en texto requirieron saneamiento adicional para prevenir un ataque de tipo XSS almacenado y riesgos SSRF ciegos en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://bugzilla.redhat.com/show_bug.cgi?id=1939037 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •