CVSS: 3.5EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1833
https://notcve.org/view.php?id=CVE-2013-1833
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo File Picker de Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios autenticados de forma remota inyectar código script web de su elección o HTML a través de un nombre de fichero manipulado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 22EXPL: 0CVE-2012-6105
https://notcve.org/view.php?id=CVE-2012-6105
blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. blog/rsslib.php en Moodle v2.1.x antes de v2.1.10, v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.x antes de v2.4.1 que continúa proporcionando un canal de blog RSS después de blogging se desactive , que permite a atacantes remotos obtener información sensible mediante la lectura de este feed. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37467 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6101
https://notcve.org/view.php?id=CVE-2012-6101
Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php. Varias vulnerabilidades de múltiple redirirección en Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.x y antes de v2.4.1 que permiten a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores relacionados con (1 ) copia de seguridad / backupfilesedit.php, (2) comentario / comment_post.php, (3) course / switchrole.php, (4) mod / wiki / filesedit.php, (5) tag / coursetags_add.php, o (6) de usuario / files.php. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220162 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6104
https://notcve.org/view.php?id=CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. blog/rsslib.php en Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.1 y antes de v2.4.x , permite a atacantes remotos obtener información sensible de los blogs a nivel de sitio, aprovechando el papel de la huésped y de la lectura un feed RSS. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0CVE-2012-6099
https://notcve.org/view.php?id=CVE-2012-6099
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. El convertidor de copia de seguridad "moodle1" en backup/converter/moodle1/lib.php de Moodle v2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 no valida correctamente las rutas, lo que permite a usuarios remotos autentificados leer ficheros arbitrarios aprovechándose de la funcionalidad de restauración de copias de seguridad. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220160 • CWE-20: Improper Input Validation •