Sam Hemelryk

#11580de 53,635
23.7CVSS total
Vulnerabilidades · 5
Baixa
1
Média
4
PT-2021-8977
6.1
2019-09-11
Moodle · Moodle · CVE-2019-14827
**Nome do software vulnerável e versões afetadas** Versões do Moodle 3.5 a 3.5.7 Versões do Moodle 3.6 a 3.6.5 Versões do Moodle 3.7 a 3.7.1 **Descrição** Foi identificada uma vulnerabilidade que permitia a injeção de JavaScript em alguns modelos Mustache por meio da renderização recursiva a partir de contextos. Isso ocorreu porque as tags auxiliares Mustache incluídas nos contextos dos modelos não estavam sendo escapadas antes de o contexto ser injetado em outro auxiliar Mustache, o que poderia resultar na injeção de script em alguns modelos. **Recomendações** Para as versões 3.5 a 3.5.7, atualize para uma versão posterior à 3.5.7 para resolver o problema. Para as versões 3.6 a 3.6.5, atualize para uma versão posterior à 3.6.5 para resolver o problema. Para as versões 3.7 a 3.7.1, atualize para uma versão posterior à 3.7.1 para resolver o problema. Como solução alternativa temporária, considere restringir o uso da renderização recursiva em modelos Mustache para minimizar o risco de exploração.
PT-2015-1591
4.3
2015-03-18
Moodle · Moodle · CVE-2015-2270
**Name of the Vulnerable Software and Affected Versions** Moodle versions prior to 2.5.9 Moodle versions 2.6.x before 2.6.9 Moodle versions 2.7.x before 2.7.6 Moodle versions 2.8.x before 2.8.4 **Description** The issue is related to errors in the code of the lib/moodlelib.php component in the Moodle learning management system. Exploitation of this issue may allow a remote attacker to gain access to protected information. The vulnerability is exploited when the theme uses the blocks-regions feature, and the course state is established at an incorrect point in the login-validation process, allowing remote attackers to obtain sensitive course information. **Recommendations** For Moodle versions prior to 2.5.9, update to version 2.5.9 or later. For Moodle versions 2.6.x before 2.6.9, update to version 2.6.9 or later. For Moodle versions 2.7.x before 2.7.6, update to version 2.7.6 or later. For Moodle versions 2.8.x before 2.8.4, update to version 2.8.4 or later.
PT-2012-3981
3.5
2012-07-21
Moodle · Moodle · CVE-2012-2360
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.0.x through 2.0.8 Moodle versions 2.1.x through 2.1.5 Moodle versions 2.2.x through 2.2.2 **Description** A cross-site scripting (XSS) issue exists in the Wiki subsystem, allowing remote authenticated users to inject arbitrary web script or HTML via a crafted string inserted into a page title. **Recommendations** For Moodle versions 2.0.x through 2.0.8, update to version 2.0.9 or later. For Moodle versions 2.1.x through 2.1.5, update to version 2.1.6 or later. For Moodle versions 2.2.x through 2.2.2, update to version 2.2.3 or later.
PT-2012-1839
4.9
2012-07-16
Moodle · Moodle · CVE-2011-4291
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.0.0 through 2.0.2 **Description** The issue allows remote authenticated users to cause a denial of service by creating invalid database records through a series of crafted ratings operations. **Recommendations** For Moodle versions 2.0.0 through 2.0.2, update to version 2.0.3 or later to resolve the issue.
PT-2012-1840
4.9
2012-07-16
Moodle · Moodle · CVE-2011-4292
**Name of the Vulnerable Software and Affected Versions** Moodle versions 2.0.0 through 2.0.2 **Description** The issue allows remote authenticated users to cause a denial of service by creating invalid database records through a series of crafted comments operations. **Recommendations** For Moodle versions 2.0.0 through 2.0.2, update to version 2.0.3 or later to resolve the issue.