
7 matches found

Tenable Nessus
added 2025/04/10 12:0 a.m. · 18 views

Moodle < 3.9.23 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16, 4.0.x prior to 4.0.10, 4.1.x prior to 4.1.5 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities. - Insufficient limitations made it possibl...

AI score: 7.4
Exploits: 0 · References: 24
Tenable Nessus
added 2025/04/10 12:0 a.m. · 14 views

Moodle 4.0.x < 4.0.10 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16, 4.0.x prior to 4.0.10, 4.1.x prior to 4.1.5 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities. - Insufficient limitations made it possibl...

AI score: 7.4
Exploits: 0 · References: 24
Tenable Nessus
added 2025/04/10 12:0 a.m. · 17 views

Moodle 3.11.x < 3.11.16 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16, 4.0.x prior to 4.0.10, 4.1.x prior to 4.1.5 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities. - Insufficient limitations made it possibl...

AI score: 7.4
Exploits: 0 · References: 24
Tenable Nessus
added 2025/04/10 12:0 a.m. · 21 views

Moodle 4.1.x < 4.1.5 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16, 4.0.x prior to 4.0.10, 4.1.x prior to 4.1.5 or 4.2.x prior to 4.2.2. It is, therefore, affected by multiple vulnerabilities. - Insufficient limitations made it possibl...

AI score: 7.4
Exploits: 0 · References: 24
Positive Technologies
added 2023/01/19 12:0 a.m. · 3 views

PT-2023-15234 · Ghost Foundation · Ghost

Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4
Description: An insecure default vulnerability exists in the Post Creation functionality, allowing non-administrator users to inject arbitrary JavaScript in posts. This enables privilege escalation to...

CVSS: 9 · AI score: 7.1 · EPSS: 0.00682
Exploits: 1 · References: 7
Huntr
added 2021/09/20 1:43 p.m. · 14 views

in osticket/osticket

Description: The URL parser incorrectly parses the URL given IFrame src attributes. An attacker is able to inject iframe elements linking to arbitrary domains which can be viewed by admins, bypassing the embedded domain whitelist. Proof of Concept will render malicious-server site rather than...

AI score: 6.1
Exploits: 0
OSV
added 2018/06/25 3:29 p.m. · 28 views

CVE-2018-11039

Spring Framework versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions allow web applications to change the HTTP request method to any HTTP method including TRACE using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS...

CVSS: 5.9 · AI score: 5.8 · EPSS: 0.02781
Exploits: 0 · References: 10