CVSS: 4.3 | EPSS: 0% | CPEs: 35 | EXPL: 0

mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with a manifest file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue affecting IMSCP resources and the IMSCC format.

• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
• http://openwall.com/lists/oss-security/2014/07/21/1
• https://moodle.org/mod/forum/discuss.php?d=264264
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.5 | EPSS: 0% | CPEs: 35 | EXPL: 4

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. Moodle version 2.7 suffers from a persistent cross site scripting vulnerability.

• https://www.exploit-db.com/exploits/34169
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
• http://openwall.com/lists/oss-security/2014/07/21/1
• http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss
• http://osvdb.org/show/osvdb/109337
• http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
• http://www.exploit-db.com/exploits/34169
• http://www.securityfocus.com/bid/68756
• https://github.com/moodle
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')