Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-23922
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnera...
Moodle Moodle 4.1.0
Moodle Moodle
8.2
CVSSv3
CVE-2023-23923
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote malicious user to gain unauthorized access to otherwise restrict...
Moodle Moodle 4.1.0
Moodle Moodle
6.1
CVSSv3
CVE-2022-39183
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.
Moodle Saml Authentication -
6.5
CVSSv3
CVE-2020-36633
A vulnerability was found in moodle-block_sitenews 1.0. It has been classified as problematic. This affects the function get_content of the file block_sitenews.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to ...
Moodle-block Sitenews Project Moodle-block Sitenews
9.1
CVSSv3
CVE-2022-45152
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An at...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Extra Packages For Enterprise Linux 7.0
Fedoraproject Fedora 37
6.1
CVSSv3
CVE-2022-45150
A reflected cross-site scripting vulnerability exists in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user'...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.4
CVSSv3
CVE-2022-45149
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.4
CVSSv3
CVE-2022-45151
The stored-XSS vulnerability exists in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
8.8
CVSSv3
CVE-2022-2986
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
Moodle Moodle
9.8
CVSSv3
CVE-2022-40314
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
Moodle Moodle
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »