Moodle

Moodle

624 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2019-10133

  • EPSS 0.17%
  • Veröffentlicht 26.06.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:29

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.

4.3

CVE-2019-10134

  • EPSS 0.19%
  • Veröffentlicht 26.06.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:29

A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.

7.5

CVE-2019-10154

  • EPSS 0.24%
  • Veröffentlicht 26.06.2019 19:15:11
  • Zuletzt bearbeitet 21.11.2024 04:18:31

A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations.

4.8

CVE-2019-3847

  • EPSS 1%
  • Veröffentlicht 27.03.2019 13:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:41

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have a...

4.3

CVE-2019-3848

  • EPSS 0.13%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:42

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calen...

8.8

CVE-2019-3849

  • EPSS 0.37%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:42

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

6.1

CVE-2019-3850

  • EPSS 0.07%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:43

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and witho...

4.3

CVE-2019-3851

  • EPSS 0.18%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:43

A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.

4.3

CVE-2019-3852

  • EPSS 0.13%
  • Veröffentlicht 26.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:43

A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities

5.4

CVE-2019-3808

  • EPSS 0.14%
  • Veröffentlicht 25.03.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 04:42:34

A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places....