5 matches found
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the missing capability check in the calendar event creation flow. An attacker can access private or restricted group...
CVE-2022-39020
Multiple instances of XSS stored and reflected was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting...
CVE-2022-39020
Multiple instances of XSS stored and reflected was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting...
Cross site scripting
Multiple instances of XSS stored and reflected was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting...
CVE-2022-39020 Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd
Multiple instances of XSS stored and reflected was found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting...