Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-g88w-v4cq-qgcp: Moodle has an IDOR in badges allows disabling of arbitrary badges

Insufficient capability checks made it possible to disable badges a user does not have permission to access.

ghsa
#vulnerability#web#git
GHSA-5r85-6h7f-rg3r: Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block

Tags not expected to be visible to a user could still be discovered by them via the tag search page or in the tags block.

GHSA-cw24-f6fq-7j9v: Moodle allows teachers to evade trusttext config when restoring glossary entries

Additional checks were required to ensure trusttext is applied (when enabled) to glossary entries being restored.

GHSA-h697-w4ph-7pcx: Moodle has a stored XSS in ddimageortext question type

The drag-and-drop onto image (ddimageortext) question type required additional sanitizing to prevent a stored XSS risk.

GHSA-rg56-94j7-hjx9: Moodle has a SQL injection risk in course search module list filter

An SQL injection risk was identified in the module list filter within course search.

GHSA-wr88-x8cm-7cgq: Moodle has a stored XSS risk in admin live log

Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

GHSA-4w32-c9g7-27qx: Moodle allows reflected XSS via question bank filter

The question bank filter required additional sanitizing to prevent a reflected XSS risk.

GHSA-vp58-j275-797x: Better Auth allows bypassing the trustedOrigins Protection which leads to ATO

### Summary A bypass was found for the security feature **trustedOrigins**. This works for wild card or absolute URLs trustedOrigins configs and opens the victims website to a **Open Redirect** vulnerability, where it can be used to steal the **reset password token** of a victims account by changing the "callbackURL" parameter value to a website owned by the attacker. ### Details #### Absolute URLs The issue here appears in the **middleware**, [specifically](https://github.com/better-auth/better-auth/blob/ddebd0358d74376ea64541512d0167dd4377f182/packages/better-auth/src/api/middlewares/origin-check.ts#L53). This protection is not sufficiente and it allows attackers to get a open redirect, by using the payload `/\/example.com`. We can check this is a valid URL ( or it will be a valid URL because the URL parser fix it for us ), by checking the image bellow: ![image](https://github.com/user-attachments/assets/d192f06d-358d-4612-97d9-cab89ba55b06) ```typescript // trustedOrigins = [ ...

Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack

A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts.

GHSA-2cj2-qqxj-5m3r: Phusion Passenger denial of service

The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method.