CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2017-2578
https://notcve.org/view.php?id=CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page. En Moodle 3.x, hay XSS en la página de envío de asignaciones. • http://www.securityfocus.com/bid/95647 https://moodle.org/mod/forum/discuss.php?d=345915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0CVE-2017-2576
https://notcve.org/view.php?id=CVE-2017-2576
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en foros. • http://www.securityfocus.com/bid/95649 https://moodle.org/mod/forum/discuss.php?d=345912 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0CVE-2013-7341
https://notcve.org/view.php?id=CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. Múltiples vulnerabilidades de XSS en Flowplayer Flash anterior a 3.2.17, utilizado en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2, permiten a atacantes remotos inyectar script Web o HTML arbitrarios (1) proporcionando un playerId manipulado o (2) referenciando un dominio externo, un problema relacionado con CVE-2013-7342. • http://flash.flowplayer.org/documentation/version-history.html http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344 http://openwall.com/lists/oss-security/2014/03/17/1 https://github.com/flowplayer/flash/issues/121 https://moodle.org/mod/forum/discuss.php?d=256420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •