VYPR

Moodle

by Moodle

Source repositories

CVEs (570)

  • CVE-2021-36400Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

  • CVE-2021-36403Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

  • CVE-2021-36396Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

  • CVE-2021-36401Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.

  • CVE-2021-36392Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.

  • CVE-2021-36397Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, insufficient capability checks meant message deletions were not limited to the current user.

  • CVE-2021-36399Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

  • CVE-2021-36395Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

  • CVE-2021-36402Mar 6, 2023
    risk 0.00cvss epss 0.01

    In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.

  • CVE-2023-23921Feb 17, 2023
    risk 0.00cvss epss 0.01

    The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context…

  • CVE-2023-23922Feb 17, 2023
    risk 0.00cvss epss 0.01

    The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable…

  • CVE-2023-23923Feb 17, 2023
    risk 0.00cvss epss 0.01

    The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted…

  • CVE-2020-36633Dec 27, 2022
    risk 0.00cvss epss 0.00

    A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to…

  • CVE-2022-45152Nov 25, 2022
    risk 0.00cvss epss 0.01

    A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An…

  • CVE-2022-45150Nov 23, 2022
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in…

  • CVE-2022-45151Nov 23, 2022
    risk 0.00cvss epss 0.01

    The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable…

  • CVE-2022-45149Nov 23, 2022
    risk 0.00cvss epss 0.00

    A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the…

  • CVE-2022-40314Sep 30, 2022
    risk 0.00cvss epss 0.02

    A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.

  • CVE-2021-36568Sep 13, 2022
    risk 0.00cvss epss 0.01

    In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects…

  • CVE-2020-14320Aug 16, 2022
    risk 0.00cvss epss 0.01

    In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.

Page 12 of 29