Page 23 of 554 results (0.013 seconds)

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

CVE-2017-2645

https://notcve.org/view.php?id=CVE-2017-2645

26 Mar 2017 — In Moodle 3.x, XSS can occur via attachments to evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de adjuntos a la evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96982 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-2643

https://notcve.org/view.php?id=CVE-2017-2643

26 Mar 2017 — In Moodle 3.2.x, global search displays user names for unauthenticated users. En Moodle 3.2.x, la búsqueda global muestra nombres de usuario para usuarios no autenticados. • http://www.securityfocus.com/bid/96978 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 16EXPL: 0

CVE-2017-2644

https://notcve.org/view.php?id=CVE-2017-2644

26 Mar 2017 — In Moodle 3.x, XSS can occur via evidence of prior learning. En Moodle 3.x, XSS puede ocurrir a través de evidencia de aprendizaje previo. • http://www.securityfocus.com/bid/96979 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 52EXPL: 1

CVE-2017-2641 – Moodle 2.x/3.x - SQL Injection

https://notcve.org/view.php?id=CVE-2017-2641

26 Mar 2017 — In Moodle 2.x and 3.x, SQL injection can occur via user preferences. En Moodle 2.x y 3.x, puede ocurrir una inyección de SQL a través de las preferencias de usuario. • https://www.exploit-db.com/exploits/41828 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2016-5012

https://notcve.org/view.php?id=CVE-2016-5012

20 Jan 2017 — In Moodle 3.x, glossary search displays entries without checking user permissions to view them. En Moodle 3.x, la búsqueda de glosario muestra entradas sin verificar los permisos de usuario para verlas. • http://www.securityfocus.com/bid/92041 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0

CVE-2016-5014

https://notcve.org/view.php?id=CVE-2016-5014

20 Jan 2017 — In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. En Moodle 2.x y 3.x, un usuario no registrado sigue recibiendo notificaciones de supervisión de eventos aunque no pueda acceder al curso. • http://www.securityfocus.com/bid/92042 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0

CVE-2016-7038

https://notcve.org/view.php?id=CVE-2016-7038

20 Jan 2017 — In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. En Moodle 2.x y 3.x, tokens de servicio web no son invalidados cuando la contraseña de usuario es cambiada o se obliga a cambiarla. • http://www.securityfocus.com/bid/93174 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •

CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0

CVE-2016-8642

https://notcve.org/view.php?id=CVE-2016-8642

20 Jan 2017 — In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. En Moodle 2.x y 3.x, el motor de consultas permite acceder a archivos que no deberían estar disponibles. • http://www.securityfocus.com/bid/94441 • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0

CVE-2017-2576

https://notcve.org/view.php?id=CVE-2017-2576

20 Jan 2017 — In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en foros. • http://www.securityfocus.com/bid/95649 • CWE-20: Improper Input Validation •

CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0

CVE-2017-2578

https://notcve.org/view.php?id=CVE-2017-2578

20 Jan 2017 — In Moodle 3.x, there is XSS in the assignment submission page. En Moodle 3.x, hay XSS en la página de envío de asignaciones. • http://www.securityfocus.com/bid/95647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •