Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2019-3847

  • EPSS 1.06%
  • Published 27.03.2019 13:29:01
  • Last modified 21.11.2024 04:42:41

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have a...

4.3

CVE-2019-3848

  • EPSS 0.13%
  • Published 26.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:42

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calen...

8.8

CVE-2019-3849

  • EPSS 0.37%
  • Published 26.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:42

A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

6.1

CVE-2019-3850

  • EPSS 0.13%
  • Published 26.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:43

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and witho...

4.3

CVE-2019-3851

  • EPSS 0.23%
  • Published 26.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:43

A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.

4.3

CVE-2019-3852

  • EPSS 0.23%
  • Published 26.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:43

A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities

5.4

CVE-2019-3808

  • EPSS 0.35%
  • Published 25.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:34

A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places....

10

CVE-2019-3809

  • EPSS 0.28%
  • Published 25.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:35

A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility...

6.1

CVE-2019-3810

Exploit
  • EPSS 9.51%
  • Published 25.03.2019 18:29:00
  • Last modified 21.11.2024 04:42:35

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this...

7.5

CVE-2019-6970

  • EPSS 0.37%
  • Published 21.03.2019 16:01:10
  • Last modified 30.05.2025 16:15:24

Moodle 3.5.x before 3.5.4 allows SSRF.