Page 37 of 465 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL. Vulnerabilidad de CSRF en admin/registration/register.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 permite a atacantes remotos secuestrar la autenticación de administradores en peticiones que envían estadísticas a una URL de hub arbitraria. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091 https://moodle.org/mod/forum/discuss.php?d=323230 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.1EPSS: 0%CPEs: 12EXPL: 0

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature. Atto en Moodle 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 permite a atacantes remotos causar una denegación de servicio (consumo de disco) aprovechando el rol invitado e introduciendo borradores con la funcionalidad editor-autosave. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51000 https://moodle.org/mod/forum/discuss.php?d=323229 • CWE-399: Resource Management Errors •

CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string. Vulnerabilidad de XSS en la función search_pagination en course/classes/management_renderer.php en Moodle 2.8.x en versiones anteriores a 2.8.10, 2.9.x en versiones anteriores a 2.9.4 y 3.0.x en versiones anteriores a 3.0.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una cadena de búsqueda manipulada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176502.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176436.html http://www.openwall.com/lists/oss-security/2016/01/18/1 http://www.securitytracker.com/id/1034694 https://moodle.org/mod/forum/discuss.php?d=326206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request. El servicio web core_enrol_get_enrolled_users en enrol/externallib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 no implementa adecuadamente las restricciones de acceso basadas en grupo, lo que permite a usuarios remotos autenticados obtener información sensible de participante de curso a través de una petición a servicio web. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51861 https://moodle.org/mod/forum/discuss.php?d=323234 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 0%CPEs: 28EXPL: 0

Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service. Vulnerabilidad de XSS en la función user_get_user_details en user/lib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.9, 2.8.x en versiones anteriores a 2.8.7 y 2.9.x en versiones anteriores a 2.9.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios aprovechando la ausencia de una llamada external_format_text en un servicio web. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130 http://openwall.com/lists/oss-security/2015/07/13/2 http://www.securitytracker.com/id/1032877 https://moodle.org/mod/forum/discuss.php?d=316664 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •