Filtered by vendor Moodle
Subscribe
Total
541 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43437 | 1 Moodle | 1 Moodle | 2025-04-23 | N/A | 5.4 MEDIUM |
| A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files. | |||||
| CVE-2024-43439 | 1 Moodle | 1 Moodle | 2025-04-23 | N/A | 5.4 MEDIUM |
| A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk. | |||||
| CVE-2017-12156 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | |||||
| CVE-2016-3729 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | |||||
| CVE-2016-8642 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. | |||||
| CVE-2016-7038 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 7.3 HIGH |
| In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. | |||||
| CVE-2017-7490 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing. | |||||
| CVE-2017-7491 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting. | |||||
| CVE-2017-2642 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Moodle 3.x has user fullname disclosure on the user preferences page. | |||||
| CVE-2016-3733 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | |||||
| CVE-2017-2578 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, there is XSS in the assignment submission page. | |||||
| CVE-2017-2644 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Moodle 3.x, XSS can occur via evidence of prior learning. | |||||
| CVE-2017-15110 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. | |||||
| CVE-2017-2641 | 1 Moodle | 1 Moodle | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | |||||
| CVE-2017-7531 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.3, the course overview block reveals activities in hidden courses. | |||||
| CVE-2016-5014 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
| In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course. | |||||
| CVE-2017-2576 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | |||||
| CVE-2017-7489 | 1 Moodle | 1 Moodle | 2025-04-20 | 6.5 MEDIUM | 6.3 MEDIUM |
| In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link. | |||||
| CVE-2017-12157 | 1 Moodle | 1 Moodle | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | |||||
| CVE-2016-5013 | 1 Moodle | 1 Moodle | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
| In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. | |||||