VYPR

Moodle

by Moodle

CVEs (570)

  • CVE-2021-32476 (Mar 11, 2022)
    risk 0.00cvss epss 0.01

    A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

  • CVE-2021-32478 (Mar 11, 2022)
    risk 0.00cvss epss 0.01

    The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.

  • CVE-2022-0335 (Jan 25, 2022)
    risk 0.00cvss epss 0.01

    A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

  • CVE-2022-0334 (Jan 25, 2022)
    risk 0.00cvss epss 0.01

    A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view…

  • CVE-2022-0333 (Jan 25, 2022)
    risk 0.00cvss epss 0.01

    A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.

  • CVE-2022-0332 (Jan 25, 2022)
    risk 0.00cvss epss 0.45

    A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

  • CVE-2019-14827 (May 17, 2021)
    risk 0.00cvss epss 0.01

    A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another…

  • CVE-2019-14831 (Mar 19, 2021)
    risk 0.00cvss epss 0.01

    A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the…

  • CVE-2019-14830 (Mar 19, 2021)
    risk 0.00cvss epss 0.03

    A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does…

  • CVE-2019-14829 (Mar 19, 2021)
    risk 0.00cvss epss 0.01

    A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.

  • CVE-2019-14828 (Mar 19, 2021)
    risk 0.00cvss epss 0.01

    A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be…

  • CVE-2020-1692 (Feb 17, 2020)
    risk 0.00cvss epss 0.01

    Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.

  • CVE-2012-1161 (Nov 14, 2019)
    risk 0.00cvss epss 0.01

    Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

  • CVE-2012-1170 (Nov 14, 2019)
    risk 0.00cvss epss 0.01

    Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

  • CVE-2012-1169 (Nov 14, 2019)
    risk 0.00cvss epss 0.02

    Moodle before 2.2.2 has a personal information disclosure: when the administrative setting for user name display is set to first name only, full names are shown in page breadcrumbs.

  • CVE-2012-1160 (Nov 14, 2019)
    risk 0.00cvss epss 0.01

    Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php

  • CVE-2012-1159 (Nov 14, 2019)
    risk 0.00cvss epss 0.01

    Moodle before 2.2.2: Overview report allows users to see hidden courses

  • CVE-2012-1158 (Nov 14, 2019)
    risk 0.00cvss epss 0.01

    Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export

  • CVE-2012-1157 (Nov 14, 2019)
    risk 0.00cvss epss 0.01

    Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

  • CVE-2012-1156 (Nov 14, 2019)
    risk 0.00cvss epss 0.02

    Moodle before 2.2.2 has users' private files included in course backups
