Filtered by vendor Moodle Subscriptions
Total 544 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-30597 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-03 5.3 Medium
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVE-2022-30598 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-03 4.3 Medium
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVE-2022-30596 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-03 5.4 Medium
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
CVE-2022-30599 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-03 9.8 Critical
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVE-2022-30600 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-03 9.8 Critical
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVE-2022-2986 1 Moodle 1 Moodle 2024-08-03 8.8 High
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
CVE-2022-0984 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-02 4.3 Medium
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVE-2022-0985 1 Moodle 1 Moodle 2024-08-02 4.3 Medium
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
CVE-2022-0983 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 8.8 High
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVE-2022-0333 1 Moodle 1 Moodle 2024-08-02 3.8 Low
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.
CVE-2022-0332 1 Moodle 1 Moodle 2024-08-02 9.8 Critical
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.
CVE-2022-0334 1 Moodle 1 Moodle 2024-08-02 4.3 Medium
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.
CVE-2022-0335 1 Moodle 1 Moodle 2024-08-02 8.8 High
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
CVE-2023-46858 1 Moodle 1 Moodle 2024-08-02 5.4 Medium
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."
CVE-2023-35132 1 Moodle 1 Moodle 2024-08-02 6.3 Medium
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVE-2023-35133 1 Moodle 1 Moodle 2024-08-02 7.5 High
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVE-2023-35131 1 Moodle 1 Moodle 2024-08-02 6.1 Medium
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
CVE-2023-30943 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 6.5 Medium
The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.
CVE-2023-30944 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 5.6 Medium
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.
CVE-2023-28336 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-02 4.3 Medium
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.