9 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-20283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each...
Moodle 3.8.x < 3.8.8 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...
Fedora: Security Advisory for moodle (FEDORA-2021-50f63a0161)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 33 : moodle (2021-431b232659)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-431b232659 advisory. - The ID number user profile field required additional sanitizing to prevent a stored XSS risk in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
Moodle < 3.5.17, 3.8.x < 3.8.8, 3.9.x < 3.9.5, 3.10.x < 3.10.2 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...
CVE-2021-20283
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
CVE-2021-20283
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
CVE-2021-20283
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...
CVE-2021-20283
CVE-2021-20283 affects Moodle versions prior to 3.10.2, 3.9.5, 3.8.8, and 3.5.17. The vulnerability is an Insecure Direct Object Reference (IDOR) where the web service that fetches other users’ enrolled courses did not verify that the requesting user has permission to view that information for ea...