Search Results
- Keyword (text search): cpe:2.3:a:moodle:moodle:3.10.0:-:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-38276 | Incorrect CSRF token checks resulted in multiple CSRF risks. Published: June 18, 2024; 4:15:14 PM -0400 | V4.0: (not available) V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2024-1439 | Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent. Published: February 12, 2024; 6:15:08 AM -0500 | V4.0: (not available) V3.1: 3.3 LOW V2.0: (not available) |
CVE-2021-36403 | In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. Published: March 06, 2023; 6:15:10 PM -0500 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2021-36402 | In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. Published: March 06, 2023; 6:15:10 PM -0500 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2021-36401 | In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. Published: March 06, 2023; 5:15:09 PM -0500 | V4.0: (not available) V3.1: 4.8 MEDIUM V2.0: (not available) |
CVE-2021-36400 | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. Published: March 06, 2023; 5:15:09 PM -0500 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2021-36397 | In Moodle, insufficient capability checks meant message deletions were not limited to the current user. Published: March 06, 2023; 5:15:09 PM -0500 | V4.0: (not available) V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2021-36396 | In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2021-36395 | In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0: (not available) V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2021-36394 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: (not available) |
CVE-2021-36393 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: (not available) |
CVE-2021-36392 | In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: (not available) |
CVE-2021-40695 | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0: (not available) V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2021-40694 | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0: (not available) V3.1: 4.9 MEDIUM V2.0: (not available) |
CVE-2021-40693 | An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0: (not available) V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2021-40692 | Insufficient capability checks made it possible for teachers to download users outside of their courses. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0: (not available) V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2021-40691 | A session hijack risk was identified in the Shibboleth authentication plugin. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0: (not available) V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2022-30600 | A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Published: May 18, 2022; 2:15:10 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-30599 | A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Published: May 18, 2022; 2:15:10 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-30598 | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Published: May 18, 2022; 2:15:10 PM -0400 | V4.0: (not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |