Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-25699

  • EPSS 0.34%
  • Published 19.11.2020 17:15:12
  • Last modified 21.11.2024 05:18:30

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupp...

6.5

CVE-2020-25700

  • EPSS 0.45%
  • Published 19.11.2020 17:15:12
  • Last modified 21.11.2024 05:18:30

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3....

5.3

CVE-2020-25701

  • EPSS 0.34%
  • Published 19.11.2020 17:15:12
  • Last modified 21.11.2024 05:18:30

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead to unintended users gaining access to the course. Ve...

6.1

CVE-2020-25702

  • EPSS 0.37%
  • Published 19.11.2020 17:15:12
  • Last modified 21.11.2024 05:18:31

In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.

8.8

CVE-2020-10738

  • EPSS 2.34%
  • Published 21.05.2020 16:15:10
  • Last modified 21.11.2024 04:55:58

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted...

9.1

CVE-2019-14880

  • EPSS 0.24%
  • Published 31.03.2020 16:15:13
  • Last modified 21.11.2024 04:27:35

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of accou...

5.3

CVE-2019-14883

  • EPSS 0.29%
  • Published 18.03.2020 13:15:12
  • Last modified 21.11.2024 04:27:36

A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to k...

6.1

CVE-2019-14884

  • EPSS 0.35%
  • Published 18.03.2020 13:15:12
  • Last modified 21.11.2024 04:27:36

A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages.

6.1

CVE-2019-14881

  • EPSS 0.52%
  • Published 18.03.2020 13:15:11
  • Last modified 21.11.2024 04:27:35

A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed.

6.1

CVE-2019-14882

  • EPSS 0.38%
  • Published 18.03.2020 13:15:11
  • Last modified 21.11.2024 04:27:36

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.