Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:moodle:moodle:3.11.0:beta:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-38276 |
Incorrect CSRF token checks resulted in multiple CSRF risks. Published: June 18, 2024; 4:15:14 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-5551 |
Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups. Published: November 09, 2023; 3:15:11 PM -0500 |
V4.0:(not available) V3.1: 3.3 LOW V2.0:(not available) |
CVE-2023-5550 |
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. Published: November 09, 2023; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-5549 |
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Published: November 09, 2023; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-5548 |
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. Published: November 09, 2023; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-5547 |
The course upload preview contained an XSS risk for users uploading unsafe data. Published: November 09, 2023; 3:15:10 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-5545 |
H5P metadata automatically populated the author with the user's username, which could be sensitive information. Published: November 09, 2023; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-5544 |
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Published: November 09, 2023; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-5541 |
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. Published: November 09, 2023; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-5540 |
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Published: November 09, 2023; 3:15:09 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-5539 |
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. Published: November 09, 2023; 3:15:08 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-35133 |
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. Published: June 22, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-35132 |
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. Published: June 22, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.3 MEDIUM V2.0:(not available) |
CVE-2023-35131 |
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14. Published: June 22, 2023; 5:15:09 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-30944 |
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. Published: May 02, 2023; 4:15:11 PM -0400 |
V4.0:(not available) V3.1: 7.3 HIGH V2.0:(not available) |
CVE-2021-36403 |
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. Published: March 06, 2023; 6:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-36402 |
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. Published: March 06, 2023; 6:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-36401 |
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. Published: March 06, 2023; 5:15:09 PM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0:(not available) |
CVE-2021-36400 |
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. Published: March 06, 2023; 5:15:09 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2021-36397 |
In Moodle, insufficient capability checks meant message deletions were not limited to the current user. Published: March 06, 2023; 5:15:09 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0:(not available) |