) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:moodle:moodle:3.3.3
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-1082 |
A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site. Published: April 04, 2018; 5:29:00 PM -0400 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
| CVE-2018-1081 |
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. Published: April 04, 2018; 5:29:00 PM -0400 |
V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
| CVE-2018-1045 |
In Moodle 3.x, there is XSS via a calendar event name. Published: January 22, 2018; 3:29:00 AM -0500 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2018-1044 |
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. Published: January 22, 2018; 3:29:00 AM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2018-1043 |
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. Published: January 22, 2018; 3:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2018-1042 |
Moodle 3.x has Server Side Request Forgery in the filepicker. Published: January 22, 2018; 3:29:00 AM -0500 |
V3.0: 6.5 MEDIUM V2.0: 4.0 MEDIUM |