Vulnerabilities > Moodle > Moodle > 3.10.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-18 | CVE-2022-30596 | Cross-site Scripting vulnerability in multiple products A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | 5.4 |
2022-04-29 | CVE-2022-0984 | Incorrect Authorization vulnerability in multiple products Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | 4.0 |
2022-04-29 | CVE-2022-0985 | Incorrect Authorization vulnerability in Moodle Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | 4.3 |
2022-03-25 | CVE-2022-0983 | SQL Injection vulnerability in multiple products An SQL injection risk was identified in Badges code relating to configuring criteria. | 8.8 |
2022-01-25 | CVE-2022-0333 | Incorrect Authorization vulnerability in Moodle A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | 3.8 |
2022-01-25 | CVE-2022-0334 | Exposure of Resource to Wrong Sphere vulnerability in Moodle A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | 4.3 |
2022-01-25 | CVE-2022-0335 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | 8.8 |
2021-11-22 | CVE-2021-3943 | Improper Input Validation vulnerability in Moodle A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 9.8 |
2021-11-22 | CVE-2021-43558 | Cross-site Scripting vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 6.1 |
2021-11-22 | CVE-2021-43559 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 8.8 |