Page 29 of 465 results (0.007 seconds)

CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0

In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. En Moodle 2.x y 3.x, la capacidad de ver notas de curso se comprueba en el contexto incorrecto. • http://www.securityfocus.com/bid/94458 https://moodle.org/mod/forum/discuss.php?d=343277 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.3EPSS: 0%CPEs: 37EXPL: 0

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en foros. • http://www.securityfocus.com/bid/95649 https://moodle.org/mod/forum/discuss.php?d=345912 • CWE-20: Improper Input Validation •

CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0

In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. En Moodle 2.x y 3.x, el motor de consultas permite acceder a archivos que no deberían estar disponibles. • http://www.securityfocus.com/bid/94441 https://moodle.org/mod/forum/discuss.php?d=343275 • CWE-284: Improper Access Control •

CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0

In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. En Moodle 2.x y 3.x, un usuario no registrado sigue recibiendo notificaciones de supervisión de eventos aunque no pueda acceder al curso. • http://www.securityfocus.com/bid/92042 https://moodle.org/mod/forum/discuss.php?d=336699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.8EPSS: 0%CPEs: 27EXPL: 0

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. En Moodle 2.x y 3.x, puede ocurrir inyección de texto en las cabeceras de email, conduciendo potencialmente a salida de spam. • http://www.securityfocus.com/bid/92040 https://moodle.org/mod/forum/discuss.php?d=336698 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •