
8 matches found

OSV
added 2024/03/06 10:58 a.m. · 36 views

BIT-MOODLE-2023-46858

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."...

CVSS 5.4 · AI score 5.1 · EPSS 0.00617
Exploits: 1 · References: 4
0day.today
added 2024/02/27 12:0 a.m. · 148 views

Moodle 4.3 - Reflected XSS Vulnerability

Exploit Title: Moodle 4.3 Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given credentials USER: teach...

AI score 7.4
Exploits: 0
0day.today
added 2024/02/27 12:0 a.m. · 179 views

Moodle 4.3 - Insecure Direct Object Reference Vulnerability

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/02/27 12:0 a.m. · 215 views

Moodle 4.3 Insecure Direct Object Reference

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...

AI score 7.4
Exploits: 0
Exploit DB
added 2024/02/27 12:0 a.m. · 411 views

Moodle 4.3 - Reflected XSS

Exploit Title: Moodle 4.3 Reflected XSS Date: 21/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given...

AI score 7.4
Exploits: 0
Exploit DB
added 2024/02/27 12:0 a.m. · 306 views

Moodle 4.3 - Insecure Direct Object Reference

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...

AI score 7.4
Exploits: 0
Vulnrichment
added 2023/10/29 12:0 a.m. · 15 views

CVE-2023-46858

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."...

AI score 6 · EPSS 0.00617
Exploits: 1 · References: 3
Positive Technologies
added 2023/10/29 12:0 a.m. · 21 views

PT-2023-30245 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle version 4.3 Description: The issue allows for reflected XSS in the /grade/report/grader/index.php endpoint when the searchvalue parameter is used, and the user is logged in as a teacher. According to the Moodle Security FAQ, teachers c...

CVSS 9.8 · AI score 5.5 · EPSS 0.00944
Exploits: 1 · References: 42