Filtered by vendor Moodle
Subscriptions
Filtered by product Moodle
Subscriptions
Total
529 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14322 | 1 Moodle | 1 Moodle | 2024-08-04 | 7.5 High |
| In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | ||||
| CVE-2020-14321 | 1 Moodle | 1 Moodle | 2024-08-04 | 8.8 High |
| In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | ||||
| CVE-2020-14320 | 1 Moodle | 1 Moodle | 2024-08-04 | 6.1 Medium |
| In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | ||||
| CVE-2020-10738 | 1 Moodle | 1 Moodle | 2024-08-04 | 7.5 High |
| A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. | ||||
| CVE-2020-1756 | 1 Moodle | 1 Moodle | 2024-08-04 | 7.2 High |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | ||||
| CVE-2020-1754 | 1 Moodle | 1 Moodle | 2024-08-04 | 4.3 Medium |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | ||||
| CVE-2020-1755 | 1 Moodle | 1 Moodle | 2024-08-04 | 5.3 Medium |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. | ||||
| CVE-2020-1691 | 1 Moodle | 1 Moodle | 2024-08-04 | 5.4 Medium |
| In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | ||||
| CVE-2020-1692 | 1 Moodle | 1 Moodle | 2024-08-04 | 8.1 High |
| Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | ||||
| CVE-2021-43560 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-04 | 5.3 Medium |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | ||||
| CVE-2021-43559 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-04 | 8.8 High |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | ||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-04 | 6.1 Medium |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | ||||
| CVE-2021-40695 | 1 Moodle | 1 Moodle | 2024-08-04 | 4.3 Medium |
| It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | ||||
| CVE-2021-40694 | 1 Moodle | 1 Moodle | 2024-08-04 | 4.9 Medium |
| Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | ||||
| CVE-2021-40692 | 1 Moodle | 1 Moodle | 2024-08-04 | 4.3 Medium |
| Insufficient capability checks made it possible for teachers to download users outside of their courses. | ||||
| CVE-2021-40691 | 1 Moodle | 1 Moodle | 2024-08-04 | 4.3 Medium |
| A session hijack risk was identified in the Shibboleth authentication plugin. | ||||
| CVE-2021-40693 | 1 Moodle | 1 Moodle | 2024-08-04 | 6.5 Medium |
| An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | ||||
| CVE-2021-36568 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-04 | 5.4 Medium |
| In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | ||||
| CVE-2021-36401 | 1 Moodle | 1 Moodle | 2024-08-04 | 4.8 Medium |
| In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | ||||
| CVE-2021-36398 | 1 Moodle | 1 Moodle | 2024-08-04 | 5.4 Medium |
| In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | ||||