28 matches found
EUVD-2024-3291
Malicious code in bioql PyPI...
EUVD-2022-3034
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-43434
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2024-43438
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned b...
BIT-MOODLE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
Moodle has CSRF risk in Feedback non-respondents report
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...
GHSA-X87R-37Q5-MMR8 Moodle has CSRF risk in Feedback non-respondents report
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...
Access Control Bypass
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to improper verification of message recipients in the non-respondents report feature. An attacker can send messages to arbitrary site users by exploiting this verification...
CVE-2024-43438
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
CVE-2024-43438
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
UBUNTU-CVE-2024-43434
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...
UBUNTU-CVE-2024-43438
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
CVE-2024-43438
CVE-2024-43438 affects Moodle’s Feedback feature: in the activity’s non-respondents report, bulk messaging did not verify that recipients are limited to the users returned by the report, enabling potential messaging of unintended users. The CVSS 3.1 vector indicates Network attack vector, Low att...
CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
CVE-2024-43434 Moodle: csrf risk in feedback non-respondents report
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...
CVE-2024-43434 Moodle: csrf risk in feedback non-respondents report
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...
PT-2024-30582 · Feedback +1
Name of the Vulnerable Software and Affected Versions: Feedback (affected versions not specified). Description: A flaw was found in Feedback where bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...
SUSE CVE-2017-12156
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback...