Page 19 of 96 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10. En moodle, algunos servicios web de módulos de base de datos permitían a estudiantes agregar entradas dentro de grupos a los que no pertenecían. Versiones afectadas: 3.9 hasta 3.9.2, 3.8 hasta 3.8.5, 3.7 hasta 3.7.8, 3.5 hasta 3.5.14 y versiones anteriores no compatibles. • https://bugzilla.redhat.com/show_bug.cgi?id=1895427 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6 https://moodle.org/mod/forum/discuss.php?d=413938 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10. En Moodle, era posible incluir JavaScript, cuando se cambia el nombre de los elementos del banco de contenido. Versiones afectadas: 3.9 a 3.9.2. • https://bugzilla.redhat.com/show_bug.cgi?id=1895437 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6 https://moodle.org/mod/forum/discuss.php?d=413940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10. La descarga de la tabla de participantes en Moodle siempre incluía correos electrónicos de unos usuarios, pero solo debería haberlo hecho cuando los correos electrónicos de los usuarios no están ocultos. Versiones afectadas: 3.9 hasta 3.9.2, 3.8 hasta 3.8.5 y 3.7 hasta 3.7.8. • https://bugzilla.redhat.com/show_bug.cgi?id=1895439 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6 https://moodle.org/mod/forum/discuss.php?d=413941 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. Si la herramienta de carga de curso en Moodle se usó para eliminar un método de inscripción que no existía o no estaba habilitado, la herramienta habilitaría erróneamente ese método de inscripción. • https://bugzilla.redhat.com/show_bug.cgi?id=1895432 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6 https://moodle.org/mod/forum/discuss.php?d=413939 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. Unas capacidades de inscripción de los usuarios no estaban suficientemente comprobadas en Moodle cuando son restauradas en un curso existente. • https://bugzilla.redhat.com/show_bug.cgi?id=1895419 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4NNFCHPPHRJNJROIX6SYMHOC6HMKP3GU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B55KXBVAT45MDASJ3EK6VIGQOYGJ4NH6 https://moodle.org/mod/forum/discuss.php?d=413935 • CWE-284: Improper Access Control •