Vulnerabilities > Moodle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-24 | CVE-2024-34312 | Cross-site Scripting vulnerability in Moodle Virtual Programming LAB Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | 6.1 |
2024-06-18 | CVE-2024-38276 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Incorrect CSRF token checks resulted in multiple CSRF risks. | 8.8 |
2024-05-31 | CVE-2024-34008 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | 8.8 |
2023-11-09 | CVE-2023-5543 | When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. | 3.3 |
2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. | 8.8 |
2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. | 8.8 |
2023-11-09 | CVE-2023-5541 | Cross-site Scripting vulnerability in Moodle The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | 6.1 |
2023-11-09 | CVE-2023-5542 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Students in "Only see own membership" groups could see other students in the group, which should be hidden. | 4.3 |
2023-11-09 | CVE-2023-5544 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | 5.4 |
2023-11-09 | CVE-2023-5545 | Exposure of Resource to Wrong Sphere vulnerability in multiple products H5P metadata automatically populated the author with the user's username, which could be sensitive information. | 5.3 |