CVE-2021-36394
- EPSS 23.88%
- Published 06.03.2023 21:15:10
- Last modified 06.03.2025 16:15:37
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVE-2021-36395
- EPSS 0.2%
- Published 06.03.2023 21:15:10
- Last modified 07.03.2025 19:15:32
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVE-2021-36396
- EPSS 0.76%
- Published 06.03.2023 21:15:10
- Last modified 05.03.2025 16:15:35
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
CVE-2023-23921
- EPSS 0.21%
- Published 17.02.2023 20:15:11
- Last modified 21.11.2024 07:47:06
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code ...
CVE-2023-23922
- EPSS 0.25%
- Published 17.02.2023 20:15:11
- Last modified 21.11.2024 07:47:06
The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in user's brow...
CVE-2023-23923
- EPSS 0.36%
- Published 17.02.2023 20:15:11
- Last modified 21.11.2024 07:47:06
The vulnerability was found in Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to othe...
CVE-2022-45152
- EPSS 0.74%
- Published 25.11.2022 19:15:12
- Last modified 29.04.2025 15:15:52
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in the LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in...
CVE-2022-45149
- EPSS 0.26%
- Published 23.11.2022 15:15:10
- Last modified 25.04.2025 20:15:35
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in the course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A ...
CVE-2022-45150
- EPSS 0.26%
- Published 23.11.2022 15:15:10
- Last modified 25.04.2025 20:15:36
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in the policy tool. An attacker can trick the victim into opening a specially crafted link that executes an arbitr...
CVE-2022-45151
- EPSS 0.25%
- Published 23.11.2022 15:15:10
- Last modified 25.04.2025 20:15:36
A stored XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser i...