
CVSS: 5.3 | EPSS: 0% | CPEs: 5 | EXPL: 0

04 Apr 2018 — A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to the admin after the request origin has been verified; otherwise the admin's email can be spammed. • http://www.securityfocus.com/bid/103728 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4 | EPSS: 0% | CPEs: 12 | EXPL: 0

22 Jan 2018 — In Moodle 3.x, there is XSS via a calendar event name. • http://www.securityfocus.com/bid/102755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 | EPSS: 0% | CPEs: 13 | EXPL: 0

22 Jan 2018 — In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. • http://www.securityfocus.com/bid/102754 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5 | EPSS: 0% | CPEs: 12 | EXPL: 0

22 Jan 2018 — In Moodle 3.x, the setting for the blocked hosts list can be bypassed with multiple A record hostnames. • http://www.securityfocus.com/bid/102769 •

CVSS: 6.5 | EPSS: 0% | CPEs: 13 | EXPL: 3

22 Jan 2018 — Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://packetstorm.news/files/id/153766 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

20 Nov 2017 — In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. • http://www.securityfocus.com/bid/101909 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1 | EPSS: 0% | CPEs: 43 | EXPL: 0

18 Sep 2017 — Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. • http://www.securityfocus.com/bid/100867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 | EPSS: 0% | CPEs: 44 | EXPL: 0

18 Sep 2017 — In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. • http://www.securityfocus.com/bid/100848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5 | EPSS: 0% | CPEs: 22 | EXPL: 0

17 Jul 2017 — In Moodle 3.x, course creators are able to change system default settings for courses. • http://www.securityfocus.com/bid/99617 • CWE-269: Improper Privilege Management •

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

17 Jul 2017 — In Moodle 3.3, the course overview block reveals activities in hidden courses. • http://www.securityfocus.com/bid/99618 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •