Lucene search
K

4 matches found

OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2014-0483)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.02427EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2014/11/24 11:59 a.m.15 views

CVE-2014-7835

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting XSS attacks, by specifying the...

2.1CVSS5.9AI score0.01433EPSS
Exploits0References2
CVE
CVE
added 2014/11/24 11:0 a.m.45 views

CVE-2014-7835

CVE-2014-7835 affects Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3. The webservice/upload.php handler fails to ensure uploaded files are placed in a private/draft area, allowing remote authenticated users to upload JavaScript in the profile-picture area and perform cross-site scripting (XSS)....

2.1CVSS5.4AI score0.01433EPSS
Exploits0References4Affected Software1
Mageia
Mageia
added 2014/11/22 10:54 a.m.70 views

Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...

7.5CVSS6.5AI score0.02427EPSS
Exploits0References17
Rows per page
Query Builder