Total: 494 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36403 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM |
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | |||||
CVE-2021-36402 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM |
In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | |||||
CVE-2021-36401 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 4.8 MEDIUM |
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | |||||
CVE-2021-36400 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM |
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | |||||
CVE-2021-36399 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.4 MEDIUM |
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | |||||
CVE-2021-36398 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.4 MEDIUM |
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | |||||
CVE-2021-36397 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 5.3 MEDIUM |
In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | |||||
CVE-2021-36396 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 7.5 HIGH |
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | |||||
CVE-2021-36395 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 7.5 HIGH |
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | |||||
CVE-2021-36394 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | |||||
CVE-2021-36393 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | |||||
CVE-2021-36392 | 1 Moodle | 1 Moodle | 2023-03-13 | N/A | 9.8 CRITICAL |
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | |||||
CVE-2023-23923 | 1 Moodle | 1 Moodle | 2023-02-28 | N/A | 8.2 HIGH |
A vulnerability was found in Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. | |||||
CVE-2023-23922 | 1 Moodle | 1 Moodle | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | |||||
CVE-2023-23921 | 1 Moodle | 1 Moodle | 2023-02-28 | N/A | 6.1 MEDIUM |
A vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. | |||||
CVE-2012-3396 | 1 Moodle | 1 Moodle | 2023-02-12 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. | |||||
CVE-2012-3394 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2012-2354 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.0 MEDIUM | N/A |
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | |||||
CVE-2012-2364 | 1 Moodle | 1 Moodle | 2023-02-12 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. | |||||
CVE-2012-3390 | 1 Moodle | 1 Moodle | 2023-02-12 | 3.5 LOW | N/A |
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block. |