32 matches found
EUVD-2012-2332
Malware in sbrugna...
EUVD-2022-4163
Malicious code in bioql PyPI...
GHSA-HHQ7-JF2P-HW9C Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims...
Cross-Site Request Forgery (CSRF)
Moodle is vulnerable to cross-site request forgery (CSRF) attacks. The application does not check for a session key in the Glossary module, allowing a malicious user to hijack the authentication of other users through editcategories.html and editcategories.php...
CVE-2015-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims...
UBUNTU-CVE-2015-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims...
CVE-2015-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims...
CVE-2015-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims...
Updated moodle package fixes security vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.7, absence of a capability check in AJAX backend script in the LTI module could allow any enrolled user to search the list of registered tools (CVE-2015-0211). In Moodle before 2.6.7, the course summary on course request...
JAWS Glossary 0.4/0.5 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13796/info JAWS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'Glossary' module. This may facilitate the theft of...
CVE-2012-2339
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."...
CVE-2012-2339
The CVE-2012-2339 entry concerns Drupal’s contributed Glossary module (versions 6.x-1.x prior to 6.x-1.8). Root cause: insufficient sanitization of taxonomy information in the glossary indicator feature, enabling Cross-Site Scripting (XSS) via unspecified vectors. Impact is XSS vulnerability for ...
CVE-2012-2339
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."...
SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)
CVE: CVE-2012-2339 The glossary module scans posts for glossary terms, adding an indicator. By hovering over the indicator, users may learn the definition of that term. The module does not sufficiently sanitize the taxonomy information. This leaves sites vulnerable to Cross-Site Scripting attacks...
Debian DSA-1986-1 : moodle - several vulnerabilities
Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2009-4297 Multiple cross-site request forgery (CSRF) vulnerabilities have been discovered. - CVE-2009-4298 It has be...
Debian: Security Advisory (DSA-1986-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2009-4299
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors...
CVE-2009-4299
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors...
Design/Logic Flaw
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors...