ReportizFlow
Filtered by vendor Moodle
Subscriptions
Filtered by product Moodle
Subscriptions
Total
556 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2232 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. | ||||
| CVE-2005-2247 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors. | ||||
| CVE-2004-2233 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors. | ||||
| CVE-2004-1424 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2004-1425 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. | ||||
| CVE-2006-4941 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | ||||
| CVE-2006-4937 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages. | ||||
| CVE-2004-0725 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. | ||||
| CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | 8.8 High |
| Incorrect CSRF token checks resulted in multiple CSRF risks. | ||||
| CVE-2024-34008 | 1 Moodle | 1 Moodle | 2025-03-25 | 3.5 Low |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2021-36399 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
| In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36398 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
| In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | ||||
| CVE-2021-36395 | 1 Moodle | 1 Moodle | 2025-03-07 | 7.5 High |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | ||||
| CVE-2021-36403 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | ||||
| CVE-2021-36402 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | ||||
| CVE-2021-36401 | 1 Moodle | 1 Moodle | 2025-03-07 | 4.8 Medium |
| In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | ||||
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | ||||
| CVE-2021-36394 | 1 Moodle | 1 Moodle | 2025-03-06 | 9.8 Critical |
| In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | ||||
| CVE-2021-36392 | 1 Moodle | 1 Moodle | 2025-03-06 | 9.8 Critical |
| In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | ||||