Filtered by vendor Moodle
Filtered by product Moodle
Total: 606 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-4941 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | ||||
CVE-2004-1424 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
CVE-2006-4785 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int. | ||||
CVE-2006-4784 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | ||||
CVE-2004-1978 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | ||||
CVE-2005-3648 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. | ||||
CVE-2004-2234 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. | ||||
CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | 8.8 High |
Incorrect CSRF token checks resulted in multiple CSRF risks. | ||||
CVE-2024-34008 | 1 Moodle | 1 Moodle | 2025-03-25 | 3.5 Low |
Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | ||||
CVE-2021-36399 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | ||||
CVE-2021-36398 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | ||||
CVE-2021-36397 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | ||||
CVE-2021-36395 | 1 Moodle | 1 Moodle | 2025-03-07 | 7.5 High |
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | ||||
CVE-2021-36403 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | ||||
CVE-2021-36402 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | ||||
CVE-2021-36401 | 1 Moodle | 1 Moodle | 2025-03-07 | 4.8 Medium |
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | ||||
CVE-2021-36400 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | ||||
CVE-2021-36394 | 1 Moodle | 1 Moodle | 2025-03-06 | 9.8 Critical |
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | ||||
CVE-2021-36392 | 1 Moodle | 1 Moodle | 2025-03-06 | 9.8 Critical |
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | ||||
CVE-2021-36393 | 1 Moodle | 1 Moodle | 2025-03-06 | 9.8 Critical |
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. |