The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-02-19
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
CVSS Score
3.5
EPSS Score
0.002
Published
2024-02-19
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-02-19
The URL parameters accepted by forum search were not limited to the allowed parameters.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-02-19
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
CVSS Score
4.3
EPSS Score
0.029
Published
2010-11-07
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
CVSS Score
4.3
EPSS Score
0.025
Published
2010-11-07
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.016
Published
2007-12-27
Page 8