Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 4.0.0 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
7.5
CVSSv2
CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
5
CVSSv2
CVE-2022-30597
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.3
CVSSv2
CVE-2010-2479
Cross-site scripting (XSS) vulnerability in HTML Purifier prior to 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Htmlpurifier Htmlpurifier
Htmlpurifier Htmlpurifier 3.1.0
Htmlpurifier Htmlpurifier 2.1.3
Htmlpurifier Htmlpurifier 2.1.0
Htmlpurifier Htmlpurifier 1.4.1
Htmlpurifier Htmlpurifier 1.4.0
Htmlpurifier Htmlpurifier 1.3.2
Htmlpurifier Htmlpurifier 3.3.0
Htmlpurifier Htmlpurifier 3.2.0
Htmlpurifier Htmlpurifier 3.0.0
Htmlpurifier Htmlpurifier 2.1.5
Htmlpurifier Htmlpurifier 2.1.2
Htmlpurifier Htmlpurifier 2.1.1
Htmlpurifier Htmlpurifier 2.0.0
Htmlpurifier Htmlpurifier 1.6.1
Htmlpurifier Htmlpurifier 1.1.1
Htmlpurifier Htmlpurifier 1.1.0
Htmlpurifier Htmlpurifier 1.0.1
Htmlpurifier Htmlpurifier 1.0.0
Htmlpurifier Htmlpurifier 4.0.0
Htmlpurifier Htmlpurifier 3.1.1
Htmlpurifier Htmlpurifier 2.1.4
4
CVSSv2
CVE-2022-30598
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
3.5
CVSSv2
CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
Moodle Moodle
Moodle Moodle 4.0.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
NA
CVE-2022-40208
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 3.11.0
Moodle Moodle
NA
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
NA
CVE-2023-28330
Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
NA
CVE-2023-28331
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »