Page 2 of 85 results (0.004 seconds)

CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0

H5P metadata automatically populated the author with the user's username, which could be sensitive information. Los metadatos de H5P completaron automáticamente al autor con el nombre de usuario del usuario, que podría ser información confidencial. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820 https://bugzilla.redhat.com/show_bug.cgi?id=2243444 https://moodle.org/mod/forum/discuss.php?d=451586 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Los comentarios de Wiki requirieron restricciones de acceso y sanitización adicionales para evitar un riesgo XSS almacenado y un riesgo potencial de IDOR. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509 https://bugzilla.redhat.com/show_bug.cgi?id=2243443 https://moodle.org/mod/forum/discuss.php?d=451585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. El método de importación de calificaciones CSV contenía un riesgo XSS para los usuarios que importaban la hoja de cálculo, si contenía contenido no seguro. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426 https://bugzilla.redhat.com/show_bug.cgi?id=2243437 https://moodle.org/mod/forum/discuss.php?d=451582 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad IMSCP. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409 https://bugzilla.redhat.com/show_bug.cgi?id=2243432 https://moodle.org/mod/forum/discuss.php?d=451581 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad Lesson. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408 https://bugzilla.redhat.com/show_bug.cgi?id=2243352 https://moodle.org/mod/forum/discuss.php?d=451580 • CWE-94: Improper Control of Generation of Code ('Code Injection') •