Vulnerabilities > Moodle > Moodle > 3.11.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-23 | CVE-2023-28336 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | 4.3 |
2023-02-17 | CVE-2023-23921 | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. | 6.1 |
2023-02-17 | CVE-2023-23923 | Unspecified vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. | 8.2 |
2022-11-25 | CVE-2022-45152 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. | 9.1 |
2022-11-23 | CVE-2022-45149 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. | 5.4 |
2022-11-23 | CVE-2022-45150 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting vulnerability was discovered in Moodle. | 6.1 |
2022-11-23 | CVE-2022-45151 | Cross-site Scripting vulnerability in multiple products The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. | 5.4 |
2022-09-30 | CVE-2022-40313 | Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 7.1 |
2022-09-30 | CVE-2022-40314 | Unspecified vulnerability in Moodle A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | 9.8 |
2022-09-30 | CVE-2022-40315 | SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. | 9.8 |