Vulnerabilities > Moodle > Moodle > 3.5.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-22 | CVE-2021-43560 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 5.3 |
| 2021-01-28 | CVE-2021-20184 | Unspecified vulnerability in Moodle It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. | 4.3 |
| 2021-01-28 | CVE-2021-20183 | Unspecified vulnerability in Moodle It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. | 5.4 |
| 2020-02-17 | CVE-2020-1692 | Unspecified vulnerability in Moodle Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | 6.5 |
| 2020-02-11 | CVE-2019-18210 | Cross-site Scripting vulnerability in Moodle Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users (Teacher and above) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the introeditor[text] parameter. | 5.4 |
| 2019-06-26 | CVE-2019-10154 | Unspecified vulnerability in Moodle A flaw was found in Moodle before versions 3.7, 3.6.4. | 7.5 |
| 2019-03-26 | CVE-2019-3852 | Unspecified vulnerability in Moodle A vulnerability was found in moodle before version 3.6.3. | 4.3 |