Vulnerabilities > Moodle > Moodle > 3.9.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2023-23921 | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. | 6.1 |
| 2023-02-17 | CVE-2023-23923 | Unspecified vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. | 8.2 |
| 2022-11-25 | CVE-2022-45152 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. | 9.1 |
| 2022-11-23 | CVE-2022-45149 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. | 5.4 |
| 2022-11-23 | CVE-2022-45150 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting vulnerability was discovered in Moodle. | 6.1 |
| 2022-09-30 | CVE-2022-40316 | Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 4.3 |