Security

GHSA-9v4v-9fj5-p982: Answer vulnerable to Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-6c32-3x46-m9rh: Answer vulnerable to Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-h85v-cx5m-78wj: Answer vulnerable to Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-786g-xv8v-9h93: Moodle Cross-site Scripting vulnerability

In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.

GHSA-2wmj-8mqg-r9q8: Moodle has Incorrect Default Permissions

In Moodle, insufficient capability checks meant message deletions were not limited to the current user.

GHSA-79jp-m64f-pgrc: Moodle Cross-site Scripting vulnerability

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

GHSA-j9cw-5cpj-9qj5: Moodle has a Hidden Functionality vulnerability

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

GHSA-gv8f-43pg-c5qw: Moodle Improper Input Validation vulnerability

In affected versions of Moodle, users' names require additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. This issue has been patched in versions 3.9.8, 3.10.5 and 3.11.1.

GHSA-g6h6-4fp6-w33w: Moodle vulnerable to Stored Cross-site Scripting

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.

GHSA-35wf-3wq2-r3hx: Moodle has Incorrect Default Permissions

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.