Vulnerabilities > Moodle > Moodle > 3.9.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2023-23921 | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. | 6.1 |
| 2023-02-17 | CVE-2023-23923 | Unspecified vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. | 8.2 |
| 2022-11-25 | CVE-2022-45152 | Server-Side Request Forgery (SSRF) vulnerability in multiple products A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. | 9.1 |
| 2022-11-23 | CVE-2022-45149 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. | 5.4 |
| 2022-11-23 | CVE-2022-45150 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting vulnerability was discovered in Moodle. | 6.1 |
| 2022-09-30 | CVE-2022-40313 | Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 7.1 |
| 2022-09-30 | CVE-2022-40314 | Unspecified vulnerability in Moodle A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | 9.8 |
| 2022-09-30 | CVE-2022-40315 | SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. | 9.8 |
| 2022-09-30 | CVE-2022-40316 | Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 4.3 |
| 2022-09-29 | CVE-2021-40691 | Unspecified vulnerability in Moodle A session hijack risk was identified in the Shibboleth authentication plugin. | 4.3 |