NotCVE - vendor:"Moodle" product:"Moodle" version:" >= 3.2 <= 3.2.7"

Page 16 of 84 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 0

CVE-2017-7490

https://notcve.org/view.php?id=CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. En Moodle 2.x y 3.x, la búsqueda de blogs arbitrarios es posible debido a la falta de una comprobación de capacidades. • https://moodle.org/mod/forum/discuss.php?d=352354 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0

CVE-2017-7491

https://notcve.org/view.php?id=CVE-2017-7491

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. En Moodle 2.x y 3.x, existe la posibilidad de que se produzca un ataque CSRF que permite a los atacantes cambiar el ajuste de configuración \"number of courses displayed in the course overview block\". • https://moodle.org/mod/forum/discuss.php?d=352355 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2017-7298

https://notcve.org/view.php?id=CVE-2017-7298

In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element. En Moodle 3.2.2+, hay XSS en el filtro de resumen del curso de la página "agregar un nuevo curso", como lo demuestra un atributo manipulado de un elemento SVG. • http://www.daimacn.com/index.php/post/12.html http://www.daimacn.com/post/12.html http://www.securityfocus.com/bid/97182 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-2643

https://notcve.org/view.php?id=CVE-2017-2643

In Moodle 3.2.x, global search displays user names for unauthenticated users. En Moodle 3.2.x, la búsqueda global muestra nombres de usuario para usuarios no autenticados. • http://www.securityfocus.com/bid/96978 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 52EXPL: 1

CVE-2017-2641 – Moodle 2.x/3.x - SQL Injection

https://notcve.org/view.php?id=CVE-2017-2641

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. En Moodle 2.x y 3.x, puede ocurrir una inyección de SQL a través de las preferencias de usuario. • https://www.exploit-db.com/exploits/41828 http://www.securityfocus.com/bid/96977 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349419 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1...14 15 16 17