Total: 494 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2011-4583 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A | Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. |
CVE-2011-4582 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.9 MEDIUM | N/A | Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. |
CVE-2011-4287 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A | admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. |
CVE-2018-10891 | 1 Moodle | 1 Moodle | 2020-10-23 | 7.5 HIGH | 7.3 HIGH | A flaw was found in Moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank. |
CVE-2019-3808 | 1 Moodle | 1 Moodle | 2020-10-19 | 4.0 MEDIUM | 5.4 MEDIUM | A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default. |
CVE-2019-3849 | 1 Moodle | 1 Moodle | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH | A vulnerability was found in Moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. |
CVE-2019-14883 | 1 Moodle | 1 Moodle | 2020-10-09 | 4.3 MEDIUM | 5.3 MEDIUM | A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path and their token. |
CVE-2019-10189 | 1 Moodle | 1 Moodle | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM | A flaw was found in Moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. |
CVE-2019-10187 | 1 Moodle | 1 Moodle | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM | A flaw was found in Moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. |
CVE-2019-10188 | 1 Moodle | 1 Moodle | 2020-09-30 | 4.0 MEDIUM | 4.3 MEDIUM | A flaw was found in Moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. |
CVE-2019-10154 | 1 Moodle | 1 Moodle | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH | A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations. |
CVE-2018-1081 | 1 Moodle | 1 Moodle | 2020-08-28 | 5.0 MEDIUM | 5.3 MEDIUM | A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to the admin after the request origin has been verified; otherwise the admin email can be spammed. |
CVE-2018-1133 | 1 Moodle | 1 Moodle | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in Moodle 3.x. A teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. |
CVE-2019-3852 | 1 Moodle | 1 Moodle | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in Moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities. |
CVE-2019-3851 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability was found in Moodle before versions 3.6.3 and 3.5.5. There was a link to the site home within the Boost theme's secure layout, meaning students could navigate out of the page. |
CVE-2020-10738 | 1 Moodle | 1 Moodle | 2020-05-22 | 6.5 MEDIUM | 8.8 HIGH | A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. |
CVE-2019-14880 | 1 Moodle | 1 Moodle | 2020-04-02 | 6.4 MEDIUM | 9.1 CRITICAL | A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. |
CVE-2019-14881 | 1 Moodle | 1 Moodle | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability was found in Moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where the user email is displayed. |
CVE-2019-14879 | 1 Moodle | 1 Moodle | 2020-03-31 | 5.5 MEDIUM | 5.4 MEDIUM | A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable). |
CVE-2019-14882 | 1 Moodle | 1 Moodle | 2020-03-19 | 5.8 MEDIUM | 6.1 MEDIUM | A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. |