CVE-2021-40695
- EPSS 0.85%
- Veröffentlicht 29.09.2022 03:15:14
- Zuletzt bearbeitet 21.11.2024 06:24:35
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVE-2021-36568
- EPSS 0.79%
- Veröffentlicht 13.09.2022 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:13:50
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting S...
CVE-2020-14320
- EPSS 0.58%
- Veröffentlicht 16.08.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 05:03:00
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVE-2020-14321
- EPSS 16.43%
- Veröffentlicht 16.08.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 05:03:00
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVE-2020-14322
- EPSS 0.8%
- Veröffentlicht 16.08.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 05:03:00
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
CVE-2020-1755
- EPSS 0.48%
- Veröffentlicht 16.08.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 05:11:19
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
CVE-2020-1756
- EPSS 0.86%
- Veröffentlicht 16.08.2022 21:15:09
- Zuletzt bearbeitet 21.11.2024 05:11:19
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
CVE-2020-1691
- EPSS 0.52%
- Veröffentlicht 05.08.2022 16:15:10
- Zuletzt bearbeitet 21.11.2024 05:11:10
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
CVE-2020-1754
- EPSS 0.54%
- Veröffentlicht 05.08.2022 16:15:10
- Zuletzt bearbeitet 23.06.2026 16:16:57
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
CVE-2022-35649
- EPSS 6.44%
- Veröffentlicht 25.07.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 07:11:26
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exp...