Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2023-01-12 CVE-2022-39183 Open Redirect vulnerability in Moodle Saml Authentication
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.
network
low complexity
moodle CWE-601
6.1
2022-11-25 CVE-2022-45152 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle.
network
low complexity
moodle fedoraproject CWE-918
critical
9.1
2022-11-23 CVE-2022-45149 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL.
network
low complexity
moodle fedoraproject CWE-352
5.4
2022-11-23 CVE-2022-45150 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting vulnerability was discovered in Moodle.
network
low complexity
moodle fedoraproject CWE-79
6.1
2022-11-23 CVE-2022-45151 Cross-site Scripting vulnerability in multiple products
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields.
network
low complexity
moodle fedoraproject CWE-79
5.4
2022-10-06 CVE-2022-2986 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
network
low complexity
moodle CWE-352
8.8
2022-09-30 CVE-2022-40313 Cross-site Scripting vulnerability in multiple products
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
network
low complexity
moodle fedoraproject CWE-79
7.1
2022-09-30 CVE-2022-40314 Unspecified vulnerability in Moodle
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
network
low complexity
moodle
critical
9.8
2022-09-30 CVE-2022-40315 SQL Injection vulnerability in multiple products
A limited SQL injection risk was identified in the "browse list of users" site administration page.
network
low complexity
moodle fedoraproject CWE-89
critical
9.8
2022-09-30 CVE-2022-40316 Exposure of Resource to Wrong Sphere vulnerability in multiple products
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
network
low complexity
moodle fedoraproject CWE-668
4.3