Filtered by vendor Moodle Subscriptions
Total 548 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5542 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 3.3 Low
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
CVE-2023-5544 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-02 6.5 Medium
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVE-2023-5546 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-08-02 4.3 Medium
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
CVE-2023-5550 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-08-02 6.5 Medium
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.
CVE-2023-1402 1 Moodle 1 Moodle 2024-08-02 4.3 Medium
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
CVE-2024-38275 1 Moodle 1 Moodle 2024-08-02 7.5 High
The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
CVE-2024-37674 1 Moodle 1 Moodle 2024-08-02 5.5 Medium
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
CVE-2024-34009 1 Moodle 1 Moodle 2024-08-02 7.5 High
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.