Vulnerabilities > Moodle > Moodle > 2.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-22 | CVE-2021-43560 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 5.3 |
| 2021-01-28 | CVE-2021-20187 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. | 7.2 |
| 2021-01-28 | CVE-2021-20186 | Unspecified vulnerability in Moodle It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. | 5.4 |
| 2021-01-28 | CVE-2021-20184 | Unspecified vulnerability in Moodle It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. | 4.3 |
| 2021-01-28 | CVE-2021-20183 | Unspecified vulnerability in Moodle It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. | 5.4 |
| 2020-02-17 | CVE-2020-1692 | Unspecified vulnerability in Moodle Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | 6.5 |
| 2020-02-11 | CVE-2019-18210 | Cross-site Scripting vulnerability in Moodle Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. | 5.4 |
| 2019-07-31 | CVE-2019-10189 | Unspecified vulnerability in Moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. | 4.3 |
| 2019-07-31 | CVE-2019-10188 | Unspecified vulnerability in Moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. | 4.3 |
| 2019-07-31 | CVE-2019-10187 | Missing Authorization vulnerability in Moodle A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. | 4.3 |