Search Results
- Keyword (text search): cpe:2.3:a:moodle:moodle:3.10.4:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-38276 | Incorrect CSRF token checks resulted in multiple CSRF risks. Published: June 18, 2024; 4:15:14 PM -0400 | V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2021-36403 | In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. Published: March 06, 2023; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-36402 | In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. Published: March 06, 2023; 6:15:10 PM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-36401 | In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. Published: March 06, 2023; 5:15:09 PM -0500 | V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2021-36400 | In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. Published: March 06, 2023; 5:15:09 PM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-36397 | In Moodle, insufficient capability checks meant message deletions were not limited to the current user. Published: March 06, 2023; 5:15:09 PM -0500 | V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-36396 | In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-36395 | In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2021-36394 | In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2021-36393 | In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2021-36392 | In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. Published: March 06, 2023; 4:15:10 PM -0500 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2021-40695 | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2021-40694 | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0:(not available) V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2021-40693 | An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0:(not available) V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2021-40692 | Insufficient capability checks made it possible for teachers to download users outside of their courses. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2021-40691 | A session hijack risk was identified in the Shibboleth authentication plugin. Published: September 28, 2022; 11:15:14 PM -0400 | V4.0:(not available) V3.1: 4.3 MEDIUM V2.0:(not available) |
CVE-2021-36568 | In certain Moodle products after creating a course, it is possible to add in an arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Stored Cross Site Scripting (XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. Published: September 13, 2022; 6:15:08 PM -0400 | V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2022-30600 | A flaw was found in Moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. Published: May 18, 2022; 2:15:10 PM -0400 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-30599 | A flaw was found in Moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. Published: May 18, 2022; 2:15:10 PM -0400 | V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-30598 | A flaw was found in Moodle where global search results could include author information on some activities where a user may not otherwise have access to it. Published: May 18, 2022; 2:15:10 PM -0400 | V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.0 MEDIUM |