CVE-2022-40316
https://notcve.org/view.php?id=CVE-2022-40316
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. El informe de intentos de actividad de H5P no filtró por grupos, lo que en el modo de grupos separados podría revelar información a profesores no editores sobre intentos/usuarios en grupos a los que no deberían tener acceso • https://bugzilla.redhat.com/show_bug.cgi?id=2128151 https://moodle.org/mod/forum/discuss.php?d=438395 • CWE-862: Missing Authorization •
CVE-2022-40315
https://notcve.org/view.php?id=CVE-2022-40315
A limited SQL injection risk was identified in the "browse list of users" site administration page. Se ha identificado un riesgo limitado de inyección SQL en la página de administración del sitio "browse list of users" • https://bugzilla.redhat.com/show_bug.cgi?id=2128150 https://moodle.org/mod/forum/discuss.php?d=438394 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-40313
https://notcve.org/view.php?id=CVE-2022-40313
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. Una renderización recursiva de los helpers de las plantillas de Mustache que contienen entradas de usuario podría, en algunos casos, resultar en un riesgo de tipo XSS o a un fallo en la carga de la página • https://bugzilla.redhat.com/show_bug.cgi?id=2128146 https://moodle.org/mod/forum/discuss.php?d=438392 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-40314
https://notcve.org/view.php?id=CVE-2022-40314
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. Se ha identificado un riesgo de ejecución de código remota cuando son restaurados archivos de copia de seguridad procedentes de Moodle versión 1.9 • https://bugzilla.redhat.com/show_bug.cgi?id=2128147 https://moodle.org/mod/forum/discuss.php?d=438393 •
CVE-2022-35653
https://notcve.org/view.php?id=CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users. Se ha identificado un problema de tipo XSS reflejado en el módulo LTI de Moodle. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299 https://bugzilla.redhat.com/show_bug.cgi?id=2106277 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V https://moodle.org/mod/forum/discuss.php?d=436460 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •