Vulnerabilities > Moodle > Moodle > 2.1.7

DATE CVE VULNERABILITY TITLE RISK
2022-01-25 CVE-2022-0334 Exposure of Resource to Wrong Sphere vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-668
4.3
4.3
2022-01-25 CVE-2022-0335 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-352
8.8
8.8
2021-11-22 CVE-2021-43558 Cross-site Scripting vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-79
6.1
6.1
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8
8.8
2021-11-22 CVE-2021-43560 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-668
5.3
5.3
2021-01-28 CVE-2021-20187 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
network
low complexity
moodle CWE-829
7.2
7.2
2021-01-28 CVE-2021-20186 Cross-site Scripting vulnerability in Moodle
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
network
high complexity
moodle CWE-79
2.1
2.1
2021-01-28 CVE-2021-20184 Improper Validation of Integrity Check Value vulnerability in Moodle
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.
network
low complexity
moodle CWE-354
4.0
4.0
2021-01-28 CVE-2021-20183 Cross-site Scripting vulnerability in Moodle
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
network
moodle CWE-79
4.3
4.3
2020-02-17 CVE-2020-1692 Unspecified vulnerability in Moodle
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
network
low complexity
moodle
6.5
6.5