Filtered by vendor Moodle
Subscriptions
Filtered by product Moodle
Subscriptions
Total
547 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30943 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 6.5 Medium |
| The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | ||||
| CVE-2023-30944 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 5.6 Medium |
| The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | ||||
| CVE-2023-28336 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-02 | 4.3 Medium |
| Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | ||||
| CVE-2023-28331 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.1 Medium |
| Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | ||||
| CVE-2023-28333 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-02 | 9.8 Critical |
| The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | ||||
| CVE-2023-28334 | 1 Moodle | 1 Moodle | 2024-08-02 | 4.3 Medium |
| Authenticated users were able to enumerate other users' names via the learning plans page. | ||||
| CVE-2023-28332 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.1 Medium |
| If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. | ||||
| CVE-2023-28335 | 1 Moodle | 1 Moodle | 2024-08-02 | 8.8 High |
| The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2023-28330 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.5 Medium |
| Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. | ||||
| CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-08-02 | 8.8 High |
| Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | ||||
| CVE-2023-23923 | 1 Moodle | 1 Moodle | 2024-08-02 | 8.2 High |
| The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | ||||
| CVE-2023-23922 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.1 Medium |
| The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | ||||
| CVE-2023-23921 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.1 Medium |
| The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | ||||
| CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
| Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | ||||
| CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 4.7 Medium |
| A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | ||||
| CVE-2023-5543 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
| When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | ||||
| CVE-2023-5548 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
| Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | ||||
| CVE-2023-5541 | 1 Moodle | 1 Moodle | 2024-08-02 | 3.3 Low |
| The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | ||||
| CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
| H5P metadata automatically populated the author with the user's username, which could be sensitive information. | ||||
| CVE-2023-5542 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
| Students in "Only see own membership" groups could see other students in the group, which should be hidden. | ||||