CVE-2022-45151
- EPSS 0.66%
- Veröffentlicht 23.11.2022 15:15:10
- Zuletzt bearbeitet 25.04.2025 20:15:36
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser i...
CVE-2022-2986
- EPSS 0.39%
- Veröffentlicht 06.10.2022 18:16:00
- Zuletzt bearbeitet 21.11.2024 07:02:02
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
CVE-2022-40313
- EPSS 0.53%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 19:15:47
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVE-2022-40314
- EPSS 1.53%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 19:15:47
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
CVE-2022-40315
- EPSS 0.83%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 17:15:45
A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVE-2022-40316
- EPSS 0.54%
- Veröffentlicht 30.09.2022 17:15:13
- Zuletzt bearbeitet 20.05.2025 17:15:45
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVE-2021-40691
- EPSS 0.71%
- Veröffentlicht 29.09.2022 03:15:14
- Zuletzt bearbeitet 21.11.2024 06:24:34
A session hijack risk was identified in the Shibboleth authentication plugin.
CVE-2021-40692
- EPSS 0.63%
- Veröffentlicht 29.09.2022 03:15:14
- Zuletzt bearbeitet 21.11.2024 06:24:34
Insufficient capability checks made it possible for teachers to download users outside of their courses.
CVE-2021-40693
- EPSS 0.83%
- Veröffentlicht 29.09.2022 03:15:14
- Zuletzt bearbeitet 21.11.2024 06:24:34
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVE-2021-40694
- EPSS 0.9%
- Veröffentlicht 29.09.2022 03:15:14
- Zuletzt bearbeitet 21.11.2024 06:24:34
Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.