Filtered by vendor Moodle Subscriptions
Total 550 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-43439 1 Moodle 1 Moodle 2024-11-12 5.4 Medium
A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk.
CVE-2024-43435 1 Moodle 1 Moodle 2024-11-12 5.3 Medium
A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary.
CVE-2024-43433 1 Moodle 1 Moodle 2024-11-12 5.3 Medium
A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users.
CVE-2024-43430 1 Moodle 1 Moodle 2024-11-12 5.3 Medium
A flaw was found in moodle. External API access to Quiz can override contained insufficient access control.
CVE-2024-43438 1 Moodle 1 Moodle 2024-11-08 7.5 High
A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.
CVE-2024-43431 1 Moodle 1 Moodle 2024-11-08 7.5 High
A vulnerability was found in Moodle. Insufficient capability checks made it possible to delete badges that a user does not have permission to access.
CVE-2024-43436 1 Moodle 1 Moodle 2024-11-08 7.2 High
A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators.
CVE-2024-43434 1 Moodle 1 Moodle 2024-11-08 8.1 High
The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability.
CVE-2024-43440 1 Moodle 1 Moodle 2024-11-08 7.5 High
A flaw was found in moodle. A local file may include risks when restoring block backups.
CVE-2024-43425 1 Moodle 1 Moodle 2024-11-08 8.1 High
A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.