
CVSS: 4.0 | EPSS: 0% | CPEs: 29 | EXPL: 0

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.

• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691
• http://openwall.com/lists/oss-security/2015/03/16/1
• http://www.securityfocus.com/bid/73166
• https://moodle.org/mod/forum/discuss.php?d=307386
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 | EPSS: 0% | CPEs: 22 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.

• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964
• http://openwall.com/lists/oss-security/2015/01/19/1
• https://moodle.org/mod/forum/discuss.php?d=278618
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.0 | EPSS: 0% | CPEs: 22 | EXPL: 0

calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.

• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017
• http://openwall.com/lists/oss-security/2015/01/19/1
• https://moodle.org/mod/forum/discuss.php?d=278615
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 3.5 | EPSS: 0% | CPEs: 35 | EXPL: 0

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
• http://openwall.com/lists/oss-security/2015/05/18/1
• http://www.securityfocus.com/bid/74726
• http://www.securitytracker.com/id/1032358
• https://moodle.org/mod/forum/discuss.php?d=313685
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.

• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034
• http://openwall.com/lists/oss-security/2015/01/19/1
• https://moodle.org/mod/forum/discuss.php?d=278616
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')