26 matches found
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user...
CVE-2018-14631
CVE-2018-14631 affects Moodle before versions 3.5.2, 3.4.5, and 3.3.8. The vulnerability arises in the Boost theme’s blog search: the GET parameter used for search is not sufficiently filtered, and the breadcrumb navigation rendered for search results can be exploited to perform a reflected Cross...
moodle -- multiple vulnerabilities
moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution QuickForm library remote code vulnerability upstream Boost theme - blog search GET parameter insufficiently filtered...
FreeBSD : moodle -- multiple vulnerabilities (f72d98d1-0b7e-11e7-970f-002590263bf5)
Marina Glancy reports : - MSA-17-0001: System file inclusion when adding own preset file in Boost theme - MSA-17-0002: Incorrect sanitation of attributes in forums - MSA-17-0003: PHPMailer vulnerability in no-reply address - MSA-17-0004: XSS in assignment submission page %NASLMINLEVEL 70300 C...
Moodle 3.0.x < 3.0.8 Multiple Vulnerabilities
Binary data 9922.prm...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-17-0001: System file inclusion when adding own preset file in Boost theme MSA-17-0002: Incorrect sanitation of attributes in forums MSA-17-0003: PHPMailer vulnerability in no-reply address MSA-17-0004: XSS in assignment submission page...