Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Moodle Moodle 4.1.0
Moodle Moodle 4.1.1
NA
CVE-2023-28336
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
Fedoraproject Fedora 36
NA
CVE-2023-1402
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
Moodle Moodle 4.0.0
Moodle Moodle 3.9.0
Moodle Moodle 4.1.0
Moodle Moodle 3.11.0
Moodle Moodle
Moodle Moodle 4.1.1
NA
CVE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
Moodle Moodle
NA
CVE-2021-36403
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
Moodle Moodle
NA
CVE-2021-36397
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
Moodle Moodle
NA
CVE-2021-36399
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
Moodle Moodle 3.11.0
NA
CVE-2021-36400
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
Moodle Moodle
NA
CVE-2021-36401
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
Moodle Moodle
NA
CVE-2021-36398
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Moodle Moodle 3.11.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »