Filtered by vendor Moodle Subscriptions
Total 538 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-28329 1 Moodle 1 Moodle 2024-08-02 8.8 High
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
CVE-2023-23923 1 Moodle 1 Moodle 2024-08-02 8.2 High
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
CVE-2023-23922 1 Moodle 1 Moodle 2024-08-02 6.1 Medium
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
CVE-2023-23921 1 Moodle 1 Moodle 2024-08-02 6.1 Medium
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
CVE-2023-5549 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 3.3 Low
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
CVE-2023-5540 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 4.7 Medium
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.
CVE-2023-5543 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 3.3 Low
When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.
CVE-2023-5548 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 3.3 Low
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
CVE-2023-5541 1 Moodle 1 Moodle 2024-08-02 3.3 Low
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
CVE-2023-5545 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 3.3 Low
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVE-2023-5542 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 3.3 Low
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVE-2023-5544 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-02 6.5 Medium
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVE-2023-5546 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-02 4.3 Medium
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
CVE-2023-5550 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 6.5 Medium
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVE-2023-1402 1 Moodle 1 Moodle 2024-08-02 4.3 Medium
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
CVE-2024-38275 1 Moodle 1 Moodle 2024-08-02 7.5 High
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
CVE-2024-37674 1 Moodle 1 Moodle 2024-08-02 5.5 Medium
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVE-2024-34009 1 Moodle 1 Moodle 2024-08-02 7.5 High
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.