Show filters
543 Total Results
Displaying 51-60 of 543
Sort by:
Attacker Value
Unknown

CVE-2021-36403

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36402

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36401

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
Attack Vector: Adjacent NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-36400

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36399

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-36398

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-36397

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36396

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36395

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-36394

Disclosure Date: March 06, 2023 (last updated October 08, 2023)
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >