15 matches found
EUVD-2026-25146
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()
A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2026-6878
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2026-6878 ByteDance verl grader.py math_equal sandbox
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function mathequal of the file primemath/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
CVE-2026-6878
Technical details are not publicly available in the provided documents for CVE-2026-6878. Monitor for updates as new information may be added.
PT-2026-34591
A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math equal of the file prime math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be...
@astar-network/swanky-cli (>=2.2.0-alpha.0 <=2.2.3), @neon.id/uji-grader (>=1.0.0 <=1.2.0) +1 more potentially affected by CVE-2025-54803 via js-toml (>=0.1.1 <=1.0.0)
js-toml NPM version =0.1.1, =2.2.0-alpha.0, =1.0.0, =1.0.0, =1.2.0 Source cves: CVE-2025-54803 Source advisory: OSV:GHSA-65FC-CR5F-V7R2...
Moodle 4.2.x < 4.2.4 Multiple Cross-Site Scripting
According to its self-reported version, the Moodle install hosted on the remote host is 4.2.x prior to 4.2.4 or 4.3.x prior to 4.3.1. It is, therefore, affected by multiple cross-site scripting: - Reflected XSS risk on ad-hoc tasks page - Reflected XSS risk in grader report search - Stored XSS in...
Moodle 4.3 - Reflected XSS
Exploit Title: Moodle 4.3 Reflected XSS Date: 21/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given...
Moodle 4.3 - Reflected XSS Vulnerability
Exploit Title: Moodle 4.3 Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given credentials USER: teach...
moodle Cross-Site Scripting Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in moodle versions 4.3, 4.2 through 4.2.3, which stems from a cross-site scripting...
moodle Cross-Site Scripting Vulnerability
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in moodle versions 4.3, 4.2 through 4.2.3, which stems from a cross-site scripting...
PT-2023-30245 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle version 4.3 Description: The issue allows for reflected XSS in the /grade/report/grader/index.php endpoint when the searchvalue parameter is used, and the user is logged in as a teacher. According to the Moodle Security FAQ, teachers c...
Moodle 4.3 Cross Site Scripting Vulnerability
Exploit Title: Moodle 4.3 Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given credentials USER: teach...
UBUNTU-CVE-2015-0216
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISKXSS bit for graders, which allows remote authenticated users to conduct cross-site scripting XSS attacks via crafted essay feedback...