3.11.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-25	CVE-2022-35649	Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. network low complexity moodle fedoraproject CWE-20 critical	9.8
2022-07-25	CVE-2022-35650	Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. network low complexity moodle fedoraproject CWE-20	7.5
2022-07-25	CVE-2022-35651	Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. network low complexity moodle redhat fedoraproject CWE-79	6.1
2022-07-25	CVE-2022-35652	Open Redirect vulnerability in multiple products An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. network low complexity moodle fedoraproject CWE-601	6.1
2022-07-25	CVE-2022-35653	Cross-site Scripting vulnerability in multiple products A reflected XSS issue was identified in the LTI module of Moodle. network low complexity moodle fedoraproject redhat CWE-79	6.1
2022-05-18	CVE-2022-30597	A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. network low complexity moodle redhat fedoraproject	5.3
2022-05-18	CVE-2022-30598	A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. network low complexity moodle redhat fedoraproject	4.3
2022-05-18	CVE-2022-30599	SQL Injection vulnerability in multiple products A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. network low complexity moodle redhat fedoraproject CWE-89 critical	9.8
2022-05-18	CVE-2022-30600	Incorrect Calculation vulnerability in multiple products A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. network low complexity moodle redhat fedoraproject CWE-682 critical	9.8
2022-05-18	CVE-2022-30596	Cross-site Scripting vulnerability in multiple products A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. network low complexity moodle redhat fedoraproject CWE-79	5.4