Page 17 of 82 results (0.012 seconds)

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

In Moodle 3.2.x, global search displays user names for unauthenticated users. En Moodle 3.2.x, la búsqueda global muestra nombres de usuario para usuarios no autenticados. • http://www.securityfocus.com/bid/96978 http://www.securitytracker.com/id/1038174 https://moodle.org/mod/forum/discuss.php?d=349420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. Múltiples vulnerabilidades de XSS en Flowplayer Flash anterior a 3.2.17, utilizado en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2, permiten a atacantes remotos inyectar script Web o HTML arbitrarios (1) proporcionando un playerId manipulado o (2) referenciando un dominio externo, un problema relacionado con CVE-2013-7342. • http://flash.flowplayer.org/documentation/version-history.html http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344 http://openwall.com/lists/oss-security/2014/03/17/1 https://github.com/flowplayer/flash/issues/121 https://moodle.org/mod/forum/discuss.php?d=256420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •