Tag

#git

GHSA-68x5-4jg5-gjgg: Moodle CSRF risk in analytics management of models

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.

GHSA-gq9f-8rj4-w7jc: Moodle CSRF risk in admin preset tool management of presets

Actions in the admin preset tool did not include the necessary token to prevent a CSRF risk.

GHSA-r2wx-46gp-rp3h: Moodle Improper Input Validation

Unsafe direct use of $_SERVER['HTTP_REFERER'] in admin/tool/mfa/index.php. The referrer URL used by MFA required additional sanitizing, rather than being used directly.

GHSA-8qwh-4vwv-7c5m: Moodle Cross-site Scripting (XSS)

ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk.

GHSA-4qww-rxq6-x7gf: Moodle broken access control when setting calendar event type

Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.

GHSA-9qgq-93c7-9hm4: Moodle stored Cross-site Scripting (XSS)

Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user's equation.

GHSA-xqhh-253w-4q5f: Moodle Cross-site Scripting (XSS)

Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.

GHSA-9hfw-cvf4-5x25: wanEditor was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload function

There is a cross-site scripting (XSS) issue in wanEditor via the image upload function in version 4.7.11. This issue has been fixed in version 4.7.12.

How to tell if a VPN app added your Windows device to a botnet

This post will help users find out if their Windows device has been added to the 911 S5 botnet by a malicious VPN application.

changedetection 0.45.20 Remote Code Execution

changedetection versions 0.45.20 and below suffer from a remote code execution vulnerability.