Vulnerabilities > Moodle > Moodle > 3.7.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-22 | CVE-2021-43558 | Cross-site Scripting vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 6.1 |
| 2021-11-22 | CVE-2021-43559 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 8.8 |
| 2021-11-22 | CVE-2021-43560 | Exposure of Resource to Wrong Sphere vulnerability in multiple products A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | 5.3 |
| 2021-01-28 | CVE-2021-20184 | Improper Validation of Integrity Check Value vulnerability in Moodle It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades. | 4.0 |
| 2021-01-28 | CVE-2021-20183 | Cross-site Scripting vulnerability in Moodle It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. | 4.3 |
| 2020-12-08 | CVE-2020-25631 | Cross-site Scripting vulnerability in Moodle A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. | 4.3 |
| 2020-12-08 | CVE-2020-25630 | Resource Exhaustion vulnerability in Moodle A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. | 5.0 |
| 2020-12-08 | CVE-2020-25629 | Missing Authorization vulnerability in Moodle A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typically, course managers) may gain access to some site administration capabilities by "logging in as" a System manager. | 8.8 |
| 2020-12-08 | CVE-2020-25628 | Cross-site Scripting vulnerability in Moodle The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. | 4.3 |
| 2020-11-19 | CVE-2020-25703 | Information Exposure vulnerability in multiple products The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. | 5.3 |