Moodle

601 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.23%
  • Published 25.01.2022 20:15:08
  • Last modified 21.11.2024 06:38:24

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gr...

  • EPSS 0.17%
  • Published 25.01.2022 20:15:08
  • Last modified 21.11.2024 06:38:24

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

  • EPSS 0.61%
  • Published 22.11.2021 16:15:08
  • Last modified 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.

  • EPSS 0.17%
  • Published 22.11.2021 16:15:08
  • Last modified 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk.

  • EPSS 0.31%
  • Published 22.11.2021 16:15:08
  • Last modified 21.11.2024 06:29:26

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

  • EPSS 1.2%
  • Published 22.11.2021 16:15:07
  • Last modified 21.11.2024 06:23:12

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.

Exploit
  • EPSS 69.12%
  • Published 23.06.2021 22:15:08
  • Last modified 21.11.2024 05:49:01

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabiliti...

Exploit
  • EPSS 0.13%
  • Published 16.06.2021 21:15:08
  • Last modified 21.11.2024 06:06:54

Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.

  • EPSS 0.38%
  • Published 17.05.2021 16:15:07
  • Last modified 21.11.2024 04:27:26

A vulnerability was found in Moodle where JavaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was ...

  • EPSS 1.3%
  • Published 19.03.2021 21:15:12
  • Last modified 21.11.2024 04:27:27

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being...