Filtered by vendor Moodle Subscriptions
Total 544 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-1755 1 Moodle 1 Moodle 2024-08-04 5.3 Medium
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
CVE-2020-1691 1 Moodle 1 Moodle 2024-08-04 5.4 Medium
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
CVE-2020-1692 1 Moodle 1 Moodle 2024-08-04 8.1 High
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
CVE-2021-43560 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-04 5.3 Medium
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.
CVE-2021-43559 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-04 8.8 High
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.
CVE-2021-43558 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-04 6.1 Medium
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
CVE-2021-40695 1 Moodle 1 Moodle 2024-08-04 4.3 Medium
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVE-2021-40694 1 Moodle 1 Moodle 2024-08-04 4.9 Medium
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
CVE-2021-40692 1 Moodle 1 Moodle 2024-08-04 4.3 Medium
Insufficient capability checks made it possible for teachers to download users outside of their courses.
CVE-2021-40691 1 Moodle 1 Moodle 2024-08-04 4.3 Medium
A session hijack risk was identified in the Shibboleth authentication plugin.
CVE-2021-40693 1 Moodle 1 Moodle 2024-08-04 6.5 Medium
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVE-2021-36568 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-04 5.4 Medium
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
CVE-2021-36401 1 Moodle 1 Moodle 2024-08-04 4.8 Medium
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
CVE-2021-36398 1 Moodle 1 Moodle 2024-08-04 5.4 Medium
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
CVE-2021-36397 1 Moodle 1 Moodle 2024-08-04 5.3 Medium
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
CVE-2021-36395 1 Moodle 1 Moodle 2024-08-04 7.5 High
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVE-2021-36393 1 Moodle 1 Moodle 2024-08-04 9.8 Critical
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVE-2021-36402 1 Moodle 1 Moodle 2024-08-04 5.3 Medium
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
CVE-2021-36400 1 Moodle 1 Moodle 2024-08-04 5.3 Medium
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
CVE-2021-36396 1 Moodle 1 Moodle 2024-08-04 7.5 High
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.