41 matches found
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
EUVD-2022-3532
Malicious code in bioql PyPI...
EUVD-2022-4602
Malicious code in bioql PyPI...
BIT-MOODLE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
VulnCheck KEV: CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's...
Moodle < 3.9.15 / 3.11.x < 3.11.8 / 4.0.x < 4.0.2 LTI Module Cross-Site-Scripting
Moodle is a free and open-source learning management system written in PHP. Moodle versions before 3.9.15, 3.11.x before 3.11.8 and 4.0.x before 4.0.2 suffer from a Cross-Site Scripting XSS vulnerability through the LTI module which only affects unauthenticated users. By crafting a specific HTTP...
Moodle 3.11.x < 3.11.8 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.15, 3.11.x prior to 3.11.8 or 4.0.x prior to 4.0.2. It is, therefore, affected by multiple vulnerabilities: - A code injection through an omitted execution parameter elading to Remote Code Execution RCE for sites running...
Moodle 3.9.x < 3.9.15 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.9.x prior to 3.9.15, 3.11.x prior to 3.11.8 or 4.0.x prior to 4.0.2. It is, therefore, affected by multiple vulnerabilities: - A code injection through an omitted execution parameter elading to Remote Code Execution RCE for sites running...
The vulnerability of the LTI module in the virtual learning environment Moodle, which allows attackers to carry out phishing attacks or expose sensitive information
The vulnerability of the LTI module in the Moodle virtual training environment exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out phishing attacks or disclose sensitive information through a...
Cross Site Scripting (XSS)
Moodle is vulnerable to Cross Site Scripting. An attacker can supply malicious data to the LTI module. When a user visits the course page, an attacker can exfiltrate sensitive data and change the site's appearance. Authenticated users are not vulnerable...
Moodle LTI module reflected XSS risk
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
GHSA-62WH-M4JR-233R Moodle LTI module reflected XSS risk
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
Cross site scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2022-35653
Moodle LTI module Reflected Cross-Site Scripting (CVE-2022-35653) stems from insufficient sanitization of user-supplied data. A remote attacker can lure a user into opening a crafted link and execute arbitrary HTML/JavaScript in the victim’s browser, potentially stealing data or altering the page...
Moodle Cross-Site Scripting Vulnerability (CNVD-2022-54914)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...
Moodle 跨站脚本漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...