Vulnerabilities > Moodle > Moodle > 3.9.4

DATE CVE VULNERABILITY TITLE RISK
2022-03-11 CVE-2021-32475 Cross-site Scripting vulnerability in Moodle
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
network
moodle CWE-79
3.5
3.5
2022-03-11 CVE-2021-32476 Allocation of Resources Without Limits or Throttling vulnerability in Moodle
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits.
network
low complexity
moodle CWE-770
7.5
7.5
2022-03-11 CVE-2021-32478 Cross-site Scripting vulnerability in Moodle
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks.
network
low complexity
moodle CWE-79
6.1
6.1
2022-01-25 CVE-2022-0333 Incorrect Authorization vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-863
3.8
3.8
2022-01-25 CVE-2022-0334 Exposure of Resource to Wrong Sphere vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-668
4.3
4.3
2022-01-25 CVE-2022-0335 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-352
8.8
8.8
2021-11-22 CVE-2021-3943 Improper Input Validation vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle CWE-20
critical
 9.8
9.8
2021-11-22 CVE-2021-43558 Cross-site Scripting vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-79
6.1
6.1
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8
8.8
2021-11-22 CVE-2021-43560 Exposure of Resource to Wrong Sphere vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-668
5.3
5.3