Vulnerabilities > Moodle > Moodle > 3.5.1

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2019-3808 Cross-site Scripting vulnerability in Moodle
A flaw was found in Moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions.
network
low complexity
moodle CWE-79
4.0
4.0
2019-03-21 CVE-2019-6970 Server-Side Request Forgery (SSRF) vulnerability in Moodle
Moodle 3.5.x before 3.5.4 allows SSRF.
network
moodle CWE-918
6.0
6.0
2018-11-26 CVE-2018-16854 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier.
network
moodle CWE-352
6.8
6.8
2018-09-17 CVE-2018-14631 Cross-site Scripting vulnerability in Moodle
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered.
network
moodle CWE-79
4.3
4.3
2018-09-17 CVE-2018-14630 Code Injection vulnerability in Moodle
moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution.
network
low complexity
moodle CWE-94
6.5
6.5