Filtered by vendor Moodle
Subscriptions
Total
538 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-28329 | 1 Moodle | 1 Moodle | 2024-08-02 | 8.8 High |
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | ||||
CVE-2023-23923 | 1 Moodle | 1 Moodle | 2024-08-02 | 8.2 High |
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | ||||
CVE-2023-23922 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.1 Medium |
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | ||||
CVE-2023-23921 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.1 Medium |
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | ||||
CVE-2023-5549 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | ||||
CVE-2023-5540 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 4.7 Medium |
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. | ||||
CVE-2023-5543 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting. | ||||
CVE-2023-5548 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | ||||
CVE-2023-5541 | 1 Moodle | 1 Moodle | 2024-08-02 | 3.3 Low |
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | ||||
CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
H5P metadata automatically populated the author with the user's username, which could be sensitive information. | ||||
CVE-2023-5542 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 3.3 Low |
Students in "Only see own membership" groups could see other students in the group, which should be hidden. | ||||
CVE-2023-5544 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-02 | 6.5 Medium |
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | ||||
CVE-2023-5546 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-02 | 4.3 Medium |
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | ||||
CVE-2023-5550 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 6.5 Medium |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. | ||||
CVE-2023-1402 | 1 Moodle | 1 Moodle | 2024-08-02 | 4.3 Medium |
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | ||||
CVE-2024-38275 | 1 Moodle | 1 Moodle | 2024-08-02 | 7.5 High |
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. | ||||
CVE-2024-37674 | 1 Moodle | 1 Moodle | 2024-08-02 | 5.5 Medium |
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | ||||
CVE-2024-34009 | 1 Moodle | 1 Moodle | 2024-08-02 | 7.5 High |
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized. |