Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 4.0.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28331
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
NA
CVE-2023-28332
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
NA
CVE-2023-28334
Authenticated users were able to enumerate other users' names via the learning plans page.
Moodle Moodle 4.0.0
Moodle Moodle 4.1.0
Moodle Moodle
Moodle Moodle 4.1.1
NA
CVE-2023-28329
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
NA
CVE-2023-28336
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
Fedoraproject Fedora 36
NA
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user...
Moodle Moodle 4.0.0
Moodle Moodle
Moodle Moodle 4.0.1
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
NA
CVE-2022-35653
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script cod...
Moodle Moodle 4.0.0
Moodle Moodle
Moodle Moodle 4.0.1
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Redhat Enterprise Linux 8.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2