Page 51 of 402 results (0.011 seconds)

CVSS: 3.5EPSS: 0%CPEs: 22EXPL: 0

Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cohort/edit_form.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, v2.2.x anteriores a v2.2.4, y v2.3.x anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo idnumber. NOTA: esta vulnerabilidad existe debido a una mala implementación de la solución para CVE-2012-2365. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. La función is_enrolled en lib/accesslib.php en Moodle v2.2.x anteriores a v2.2.4 y v2.3.x anteriores a v2.3.1 no interactúa de forma adecuada con la característica de cacheado, lo qe podría permitir a usuarios remotos autenticados evitar el control de capacidad a través de vectores que provocan un cacheado del registro de usuario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76955 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en mod/lti/typessettings.php en Moodle v2.2.x anteriores a v2.2.4 y v2.3.x anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) lti_typename o (2) lti_toolurl. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76965 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 21EXPL: 0

SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. Vulnerabilidad de inyección SQL en mod/feedback/complete.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, y v2.2.x anteriores a v2.2.4, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un formulario de datos modificado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76961 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 3.5EPSS: 0%CPEs: 11EXPL: 0

Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en repository/lib.php en Moodle v2.1.x anteriores a v2.1.7 y v2.2.x anteriores a v2.2.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML renombrando un repositorio. • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76959 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •