Vulnerabilities > Moodle > Moodle > 3.7.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-22 | CVE-2021-43558 | Cross-site Scripting vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 6.1 |
| 2021-11-22 | CVE-2021-43559 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 8.8 |
| 2021-11-22 | CVE-2021-43560 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 5.3 |
| 2021-01-28 | CVE-2021-20184 | Improper Validation of Integrity Check Value vulnerability in Moodle It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. | 4.0 |
| 2021-01-28 | CVE-2021-20183 | Cross-site Scripting vulnerability in Moodle It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. | 4.3 |
| 2020-12-08 | CVE-2020-25631 | Cross-site Scripting vulnerability in Moodle A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. | 4.3 |
| 2020-12-08 | CVE-2020-25630 | Resource Exhaustion vulnerability in Moodle A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. | 5.0 |
| 2020-12-08 | CVE-2020-25629 | Missing Authorization vulnerability in Moodle A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. | 8.8 |
| 2020-12-08 | CVE-2020-25628 | Cross-site Scripting vulnerability in Moodle The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. | 4.3 |
| 2020-05-21 | CVE-2020-10738 | Improper Input Validation vulnerability in Moodle A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. | 8.8 |