CVE-2021-20184
https://notcve.org/view.php?id=CVE-2021-20184
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. Se encontró en Moodle versiones anteriores a 3.10.1, 3.9.4 y 3.8.7, que unas comprobaciones de capacidad insuficiente en algunos servicios web relacionados con las calificaciones significaba que los estudiantes podían visualizar las calificaciones de otros estudiantes • https://moodle.org/mod/forum/discuss.php?d=417167 • CWE-354: Improper Validation of Integrity Check Value •
CVE-2021-20186
https://notcve.org/view.php?id=CVE-2021-20186
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. Se encontró en Moodle versiones anteriores a 3.10.1, 3.9.4, 3.8.7 y 3.5.16, que si el filtro de notación TeX estaba habilitado, se requería una desinfección adicional del contenido TeX para prevenir el riesgo de un XSS almacenado • https://moodle.org/mod/forum/discuss.php?d=417170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-20183
https://notcve.org/view.php?id=CVE-2021-20183
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. Se encontró en Moodle versiones anteriores a 3.10.1, que algunas entradas de búsqueda eran vulnerables a XSS reflejado debido a un escape insuficiente de las consultas de búsqueda • https://moodle.org/mod/forum/discuss.php?d=417166 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-20187
https://notcve.org/view.php?id=CVE-2021-20187
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. Se encontró en Moodle versiones anteriores a 3.10.1, 3.9.4, 3.8.7 y 3.5.16, que era posible para los administradores del sitio ejecutar scripts PHP arbitrarios por medio de una inclusión PHP usada durante la autenticación Shibboleth • https://moodle.org/mod/forum/discuss.php?d=417171 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-829: Inclusion of Functionality from Untrusted Control Sphere •