Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-14320
In Moodle prior to 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
Moodle Moodle
Moodle Moodle 3.9.0
1 Github repository
7.5
CVSSv3
CVE-2020-14322
In Moodle prior to 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
Moodle Moodle
Moodle Moodle 3.9.0
5.3
CVSSv3
CVE-2020-1755
In Moodle prior to 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
Moodle Moodle
7.2
CVSSv3
CVE-2020-1756
In Moodle prior to 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
Moodle Moodle
5.4
CVSSv3
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
Moodle Moodle 3.8.0
4.3
CVSSv3
CVE-2020-1754
In Moodle prior to 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
Moodle Moodle
Moodle Moodle 3.8.1
Moodle Moodle 3.8.0
6.1
CVSSv3
CVE-2022-35651
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user...
Moodle Moodle 4.0.0
Moodle Moodle
Moodle Moodle 4.0.1
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.1
CVSSv3
CVE-2022-35652
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exp...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.5
CVSSv3
CVE-2022-35650
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote malicious user to perform directory traversal attacks. The capability...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
9.8
CVSSv3
CVE-2022-35649
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerabilit...
Moodle Moodle
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »