Moodle

Moodle

624 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2021-20283

  • EPSS 0.15%
  • Veröffentlicht 15.03.2021 22:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:16

The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

5.3

CVE-2021-20185

  • EPSS 0.38%
  • Veröffentlicht 28.01.2021 20:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:05

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.

5.4

CVE-2021-20183

  • EPSS 0.46%
  • Veröffentlicht 28.01.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:05

It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.

4.3

CVE-2021-20184

  • EPSS 0.15%
  • Veröffentlicht 28.01.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:05

It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.

5.4

CVE-2021-20186

  • EPSS 0.53%
  • Veröffentlicht 28.01.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:05

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

7.2

CVE-2021-20187

  • EPSS 0.68%
  • Veröffentlicht 28.01.2021 19:15:13
  • Zuletzt bearbeitet 21.11.2024 05:46:05

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

6.1

CVE-2020-25627

  • EPSS 5.35%
  • Veröffentlicht 09.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:16

The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This affects versions 3.9 to 3.9.1. Fixed in 3.9.2.

6.1

CVE-2020-25631

  • EPSS 0.34%
  • Veröffentlicht 08.12.2020 01:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:17

A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.

6.1

CVE-2020-25628

  • EPSS 0.25%
  • Veröffentlicht 08.12.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 05:18:16

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

8.8

CVE-2020-25629

  • EPSS 0.55%
  • Veröffentlicht 08.12.2020 01:15:11
  • Zuletzt bearbeitet 21.11.2024 05:18:16

A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. This affects 3.9 to 3.9.1, 3.8 ...