Lucene search
+L

171 matches found

CVE
CVE
added 2023/06/29 12:0 a.m.36 views

CVE-2023-34831

The CVE-2023-34831 entry affects Turnitin LTI tool/plugin version 1.3, specifically the Submission Web Form. The vulnerability is HTML Injection via the id and title HTTP POST parameters used when students submit reports for similarity checks. Connected sources corroborate this HTML injection iss...

5.4CVSS5.8AI score0.00448EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.18 views

Moodle < 3.9.15 / 3.11.x < 3.11.8 / 4.0.x < 4.0.2 LTI Module Cross-Site-Scripting

Moodle is a free and open-source learning management system written in PHP. Moodle versions before 3.9.15, 3.11.x before 3.11.8 and 4.0.x before 4.0.2 suffer from a Cross-Site Scripting XSS vulnerability through the LTI module which only affects unauthenticated users. By crafting a specific HTTP...

6.1CVSS6.2AI score0.03747EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.42 views

Moodle 3.11.x < 3.11.11 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

9.1CVSS6.2AI score0.01352EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.34 views

Moodle 3.9.x < 3.9.15 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.15, 3.11.x prior to 3.11.8 or 4.0.x prior to 4.0.2. It is, therefore, affected by multiple vulnerabilities: - A code injection through an omitted execution parameter elading to Remote Code Execution RCE for sites running...

9.8CVSS7.6AI score0.49102EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.55 views

Moodle 3.11.x < 3.11.8 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.15, 3.11.x prior to 3.11.8 or 4.0.x prior to 4.0.2. It is, therefore, affected by multiple vulnerabilities: - A code injection through an omitted execution parameter elading to Remote Code Execution RCE for sites running...

9.8CVSS7.6AI score0.49102EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.56 views

Moodle 3.9.x < 3.9.18 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

9.1CVSS6.2AI score0.01352EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.45 views

Moodle 4.0.x < 4.0.5 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

9.1CVSS6.2AI score0.01352EPSS
Exploits0References8
Veracode
Veracode
added 2023/02/02 4:55 a.m.21 views

Missing Authorization

lticonsumerxblock is vulnerable to Missing Authorization. The vulnerability exists in signals.py because of the lack of security validation in the LTI Tool which allows attackers to submit scores for any LTI XBlock on the platform using the malicious LTI tool...

5.4CVSS5.7AI score0.00384EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/01/26 9:18 p.m.63 views

CVE-2023-23611

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.5AI score0.00384EPSS
Exploits0References1
Prion
Prion
added 2023/01/26 9:18 p.m.25 views

Authorization

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.5CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/01/26 9:18 p.m.38 views

PYSEC-2023-21

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.5AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2023/01/25 5:39 a.m.138 views

CVE-2023-23611

The CVE-2023-23611 entry concerns the LTI Consumer XBlock for Open edX. Affected: LTI Consumer XBlock versions 7.0.0 and above, before 7.2.2. Issue: Missing Authorization allows any integrated LTI tool to post grades for any LTI XBlock by guessing the block location via the resource_link_id, comp...

5.4CVSS5.4AI score0.00384EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/25 5:39 a.m.7 views

CVE-2023-23611 xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.8AI score0.00384EPSS
Exploits0References1
OSV
OSV
added 2023/01/25 5:39 a.m.38 views

CVE-2023-23611 xblock-lti-consumer contain Missing Authorization in Grade Pass Back Implementation

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...

5.4CVSS5.6AI score0.00384EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2022/12/20 2:5 p.m.14 views

Cengage LTI Session Management Leakage

Prior to December 10, 2022, Cengage, an education technology provider in use in many higher education environments primarily in the United States, had two issues in the way it handled session management over its Learning Tools Integration LTI pipeline. The first issue involves leaving unexpectedl...

6.8AI score
Exploits0
OpenVAS
OpenVAS
added 2022/11/29 12:0 a.m.23 views

Moodle < 3.9.18, 3.11.x < 3.11.11, 4.x < 4.0.5 Multiple Vulnerabilities

Moodle is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1CVSS7.4AI score0.01352EPSS
Exploits0References3
Veracode
Veracode
added 2022/11/28 4:25 a.m.45 views

Server-side Request Forgery (SSRF)

moodle/moodle is vulnerable to server-side request forgery. An attacker can make HTTP requests to untrusted URLs through the send function of HTTPMessage.php and gain access to sensitive information through the LTI provider library...

9.1CVSS8.6AI score0.01352EPSS
Exploits0References15Affected Software1
Github Security Blog
Github Security Blog
added 2022/11/25 9:30 p.m.28 views

Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library

A blind Server-Side Request Forgery SSRF vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...

9.1CVSS6.7AI score0.01352EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/11/25 9:30 p.m.23 views

GHSA-XQCF-VGQC-PCMG Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library

A blind Server-Side Request Forgery SSRF vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...

9.1CVSS9AI score0.01352EPSS
Exploits0References11
NVD
NVD
added 2022/11/25 7:15 p.m.17 views

CVE-2022-45152

A blind Server-Side Request Forgery SSRF vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...

9.1CVSS0.01352EPSS
Exploits0References6
Rows per page
Query Builder