Page 16 of 83 results (0.033 seconds)

CVSS: 5.3EPSS: 0%CPEs: 53EXPL: 0

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. En Moodle 2.x y 3.x, la búsqueda de blogs arbitrarios es posible debido a la falta de una comprobación de capacidades. • https://moodle.org/mod/forum/discuss.php?d=352354 • CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0

In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. En Moodle 2.x y 3.x, existe la posibilidad de que se produzca un ataque CSRF que permite a los atacantes cambiar el ajuste de configuración \"number of courses displayed in the course overview block\". • https://moodle.org/mod/forum/discuss.php?d=352355 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 52EXPL: 1

In Moodle 2.x and 3.x, SQL injection can occur via user preferences. En Moodle 2.x y 3.x, puede ocurrir una inyección de SQL a través de las preferencias de usuario. • https://www.exploit-db.com/exploits/41828 http://www.securityfocus.com/bid/96977 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349419 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

In Moodle 3.x, XSS can occur via evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96979 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349421 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de adjuntos a la evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96982 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349422 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •