Filtered by vendor Moodle
Subscriptions
Total
550 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2986 | 1 Moodle | 1 Moodle | 2024-11-21 | 8.8 High |
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | ||||
CVE-2022-0985 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | ||||
CVE-2022-0984 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.3 Medium |
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | ||||
CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 8.8 High |
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | ||||
CVE-2022-0335 | 1 Moodle | 1 Moodle | 2024-11-21 | 8.8 High |
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk. | ||||
CVE-2022-0334 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. | ||||
CVE-2022-0333 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.8 Low |
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. | ||||
CVE-2022-0332 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | ||||
CVE-2021-43560 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 5.3 Medium |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | ||||
CVE-2021-43559 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 8.8 High |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | ||||
CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 6.1 Medium |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | ||||
CVE-2021-40695 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | ||||
CVE-2021-40694 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.9 Medium |
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | ||||
CVE-2021-40693 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.5 Medium |
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | ||||
CVE-2021-40692 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
Insufficient capability checks made it possible for teachers to download users outside of their courses. | ||||
CVE-2021-40691 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
A session hijack risk was identified in the Shibboleth authentication plugin. | ||||
CVE-2021-3943 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | ||||
CVE-2021-36568 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.4 Medium |
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | ||||
CVE-2021-36403 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.3 Medium |
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | ||||
CVE-2021-36402 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.3 Medium |
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. |