3.9.12

DATE	CVE	VULNERABILITY TITLE	RISK
2022-07-25	CVE-2022-35650	Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. network low complexity moodle fedoraproject CWE-20	7.5
2022-07-25	CVE-2022-35651	Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. network low complexity moodle redhat fedoraproject CWE-79	6.1
2022-07-25	CVE-2022-35652	Open Redirect vulnerability in multiple products An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. network low complexity moodle fedoraproject CWE-601	6.1
2022-07-25	CVE-2022-35653	Cross-site Scripting vulnerability in multiple products A reflected XSS issue was identified in the LTI module of Moodle. network low complexity moodle fedoraproject redhat CWE-79	6.1
2022-05-18	CVE-2022-30597	A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. network low complexity moodle redhat fedoraproject	5.3
2022-05-18	CVE-2022-30598	A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. network low complexity moodle redhat fedoraproject	4.3
2022-05-18	CVE-2022-30599	SQL Injection vulnerability in multiple products A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. network low complexity moodle redhat fedoraproject CWE-89 critical	9.8
2022-05-18	CVE-2022-30600	Incorrect Calculation vulnerability in multiple products A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. network low complexity moodle redhat fedoraproject CWE-682 critical	9.8
2022-05-18	CVE-2022-30596	Cross-site Scripting vulnerability in multiple products A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. network low complexity moodle redhat fedoraproject CWE-79	5.4
2022-04-29	CVE-2022-0984	Incorrect Authorization vulnerability in multiple products Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. network low complexity moodle fedoraproject redhat CWE-863	4.0