Vulnerabilities > Moodle > Moodle > 3.10.1

DATE CVE VULNERABILITY TITLE RISK
2023-05-16 CVE-2021-27131 Cross-site Scripting vulnerability in Moodle 3.10.1
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php.
network
low complexity
moodle CWE-79
5.4
2023-03-06 CVE-2021-36402 Unspecified vulnerability in Moodle
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
network
low complexity
moodle
5.3
2023-03-06 CVE-2021-36403 Unspecified vulnerability in Moodle
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
network
low complexity
moodle
5.3
2023-03-06 CVE-2021-36397 Unspecified vulnerability in Moodle
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
network
low complexity
moodle
5.3
2023-03-06 CVE-2021-36400 Authorization Bypass Through User-Controlled Key vulnerability in Moodle
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
network
low complexity
moodle CWE-639
5.3
2023-03-06 CVE-2021-36401 Cross-site Scripting vulnerability in Moodle
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
low complexity
moodle CWE-79
4.8
2023-03-06 CVE-2021-36392 SQL Injection vulnerability in Moodle
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
network
low complexity
moodle CWE-89
critical
9.8
2023-03-06 CVE-2021-36393 SQL Injection vulnerability in Moodle
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
network
low complexity
moodle CWE-89
critical
9.8
2023-03-06 CVE-2021-36394 Unspecified vulnerability in Moodle
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
network
low complexity
moodle
critical
9.8
2023-03-06 CVE-2021-36395 Uncontrolled Recursion vulnerability in Moodle
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
network
low complexity
moodle CWE-674
7.5