Vulnerabilities > Moodle
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2023-06-22 | CVE-2023-35131 | Cross-site Scripting vulnerability in Moodle | Content on the groups page required additional sanitizing to prevent an XSS risk. | 6.1 |
| 2023-06-22 | CVE-2023-35132 | SQL Injection vulnerability in Moodle | A limited SQL injection risk was identified on the Mnet SSO access control page. | 6.3 |
| 2023-06-22 | CVE-2023-35133 | Server-Side Request Forgery (SSRF) vulnerability in Moodle | An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. | 7.5 |
| 2023-05-16 | CVE-2021-27131 | Cross-site Scripting vulnerability in Moodle 3.10.1 | ** DISPUTED ** Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization on the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. | 5.4 |
| 2023-05-02 | CVE-2023-30943 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products | The vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. | 5.3 |
| 2023-05-02 | CVE-2023-30944 | SQL Injection vulnerability in multiple products | The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in the external Wiki method for listing pages. | 7.3 |
| 2023-03-23 | CVE-2023-28329 | SQL Injection vulnerability in Moodle | Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | 8.8 |
| 2023-03-23 | CVE-2023-28330 | Unspecified vulnerability in Moodle | Insufficient sanitizing in backup resulted in an arbitrary file read risk. | 6.5 |
| 2023-03-23 | CVE-2023-28331 | Cross-site Scripting vulnerability in Moodle | Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | 6.1 |
| 2023-03-06 | CVE-2021-36402 | Unspecified vulnerability in Moodle | In Moodle, users' names required additional sanitizing in the account confirmation email to prevent a self-registration phishing risk. | 5.3 |