Filtered by vendor Moodle Subscriptions
Total 531 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5547 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-09-04 3.3 Low
The course upload preview contained an XSS risk for users uploading unsafe data.
CVE-2023-5551 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-09-04 3.3 Low
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.
CVE-2023-5539 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-09-03 4.7 Medium
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVE-2024-34008 1 Moodle 1 Moodle 2024-09-03 8.8 High
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
CVE-2024-38276 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-08 8.8 High
Incorrect CSRF token checks resulted in multiple CSRF risks.
CVE-2024-34312 1 Moodle 1 Virtual Programming Lab 2024-08-08 6.1 Medium
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js.
CVE-2004-2235 1 Moodle 1 Moodle 2024-08-08 N/A
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
CVE-2004-2237 1 Moodle 1 Moodle 2024-08-08 N/A
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
CVE-2004-2233 1 Moodle 1 Moodle 2024-08-08 N/A
Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
CVE-2004-2236 1 Moodle 1 Moodle 2024-08-08 N/A
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
CVE-2004-2234 1 Moodle 1 Moodle 2024-08-08 N/A
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
CVE-2004-2232 1 Moodle 1 Moodle 2024-08-08 N/A
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.
CVE-2004-1978 1 Moodle 1 Moodle 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
CVE-2004-1711 1 Moodle 1 Moodle 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
CVE-2004-1425 1 Moodle 1 Moodle 2024-08-08 N/A
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
CVE-2004-1424 1 Moodle 1 Moodle 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2004-0725 1 Moodle 1 Moodle 2024-08-08 N/A
Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2005-3649 1 Moodle 1 Moodle 2024-08-07 N/A
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
CVE-2005-3648 1 Moodle 1 Moodle 2024-08-07 N/A
Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php.
CVE-2005-2247 1 Moodle 1 Moodle 2024-08-07 N/A
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.