30 matches found
CVE-2021-36568
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting StoredXSS. This affects Moodle 3.11 and Moodle...
Moodle 3.10.3 Cross Site Scripting
Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting Date: 22/04/2021 Exploit Author: UVision Vendor Homepage: https://moodle.org/ Software Link: https://download.moodle.org Version: 3.10.3 Tested on: Debian/Windows 10 By having the role of a teacher or an administrator or a manag...
CVE-2019-14828
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that...
UBUNTU-CVE-2019-14828
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that...
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Exploit Title: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Date: 2020-01-30 Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developer...
Atutor Cross-Site Request Forgery Vulnerability
ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site request forgery vulnerability exists in the /createcourse.php page in ATutor version 2.2.2,...
Udemy: Csrf on creating course
The investigator thought that since there was a CSRF token sent for a request that does not enforce CSRF he was bypassing it...
eFront 3.6.14 (build 18012) - Stored XSS in Multiple Parameters
No description provided by source. Exploit-DB Note: Screenshot provided by exploit author. Exploit Title: eFront v3.6.14 build 18012 -Stored XSS in multiple Parameters Author: sajith version: eFront v3.6.14- build 18012 Vendor Homepage: http://www.efrontlearning.net/ vulnerable app...
eFront 3.6.14 Cross Site Scripting Vulnerability
eFront version 3.6.14 build 18012 suffers from multiple stored cross site scripting vulnerabilities. EDB Note: Screenshot provided by exploit author. Exploit Title: eFront v3.6.14 build 18012 -Stored XSS in multiple Parameters Author: sajith version: eFront v3.6.14- build 18012 Vendor Homepage:...
eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit-DB Note: Screenshot provided by exploit author. Exploit Title: eFront v3.6.14 build 18012 -Stored XSS in multiple Parameters Author: sajith version: eFront v3.6.14- build 18012 Vendor Homepage: http://www.efrontlearning.net/ vulnerable app link:http://www.efrontlearning.net/download POC b...