Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2022-0334

  • EPSS 0.23%
  • Veröffentlicht 25.01.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:24

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gr...

8.8

CVE-2022-0335

  • EPSS 0.17%
  • Veröffentlicht 25.01.2022 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:38:24

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

6.1

CVE-2021-43558

  • EPSS 0.61%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

8.8

CVE-2021-43559

  • EPSS 0.17%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

5.3

CVE-2021-43560

  • EPSS 0.31%
  • Veröffentlicht 22.11.2021 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

9.8

CVE-2021-3943

  • EPSS 1.2%
  • Veröffentlicht 22.11.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:23:12

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.

9.1

CVE-2021-21809

Exploit
  • EPSS 69.12%
  • Veröffentlicht 23.06.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 05:49:01

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabiliti...

5.4

CVE-2021-32244

Exploit
  • EPSS 0.13%
  • Veröffentlicht 16.06.2021 21:15:08
  • Zuletzt bearbeitet 21.11.2024 06:06:54

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.

6.1

CVE-2019-14827

  • EPSS 0.38%
  • Veröffentlicht 17.05.2021 16:15:07
  • Zuletzt bearbeitet 21.11.2024 04:27:26

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was ...

6.1

CVE-2019-14830

  • EPSS 1.3%
  • Veröffentlicht 19.03.2021 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:27:27

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being...