Page 16 of 93 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 1

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. Las respuestas de retroalimentación basadas en texto requirieron saneamiento adicional para prevenir un ataque de tipo XSS almacenado y riesgos SSRF ciegos en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • http://packetstormsecurity.com/files/164817/Moodle-Cross-Site-Scripting-Server-Side-Request-Forgery.html https://bugzilla.redhat.com/show_bug.cgi?id=1939037 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGOMHMYM3WICJ6D6U22Z6LPJGT5A6MZM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. El campo ID number user profile requería un saneamiento adicional para evitar un riesgo de tipo XSS almacenado en moodle versiones anteriores a 3.10.2, 3.9.5, 3.8.8, 3.5.17 • https://bugzilla.redhat.com/show_bug.cgi?id=1939033 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFSNJ7XHVTC52RSRX2GBQFF3VEEAY2MS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFH5DDMU5TZ3JT4Q52WMRAHACA5MHIMT https://moodle.org/mod/forum/discuss.php?d=419650 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages. Se encontró en Moodle versiones anteriores a 3.10.1, 3.9.4, 3.8.7 y 3.5.16, que la mensajería no imponía un límite de caracteres al enviar mensajes, lo que podría resultar en la denegación de servicio del lado del cliente (navegador) para los usuarios que recibían mensajes muy grandes • https://moodle.org/mod/forum/discuss.php?d=417168 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. Se encontró en Moodle versiones anteriores a 3.10.1, 3.9.4 y 3.8.7, que unas comprobaciones de capacidad insuficiente en algunos servicios web relacionados con las calificaciones significaba que los estudiantes podían visualizar las calificaciones de otros estudiantes • https://moodle.org/mod/forum/discuss.php?d=417167 • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. Se encontró en Moodle versiones anteriores a 3.10.1, 3.9.4, 3.8.7 y 3.5.16, que si el filtro de notación TeX estaba habilitado, se requería una desinfección adicional del contenido TeX para prevenir el riesgo de un XSS almacenado • https://moodle.org/mod/forum/discuss.php?d=417170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •