
CVSS: 5.3 • EPSS: 0% • CPEs: 5 • EXPL: 0

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to the admin after the request origin has been verified; otherwise the admin email can be spammed. • http://www.securityfocus.com/bid/103728 https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392 https://moodle.org/mod/forum/discuss.php?d=367938 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 13 • EXPL: 0

In Moodle 3.x, quiz web services allow students to see quiz results when this is prohibited in the settings. • http://www.securityfocus.com/bid/102754 https://moodle.org/mod/forum/discuss.php?d=364383 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 • EPSS: 0% • CPEs: 12 • EXPL: 0

In Moodle 3.x, the blocked hosts list setting can be bypassed with hostnames that have multiple A records. • http://www.securityfocus.com/bid/102769 https://moodle.org/mod/forum/discuss.php?d=364382

CVSS: 5.4 • EPSS: 0% • CPEs: 12 • EXPL: 0

In Moodle 3.x, there is XSS via a calendar event name. • http://www.securityfocus.com/bid/102755 https://moodle.org/mod/forum/discuss.php?d=364384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 0% • CPEs: 13 • EXPL: 2

Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF)