Vulnerabilities > Moodle > Moodle > 3.9.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2021-40692 | Incorrect Authorization vulnerability in Moodle Insufficient capability checks made it possible for teachers to download users outside of their courses. | 4.3 |
2022-09-29 | CVE-2021-40693 | Improper Authentication vulnerability in Moodle An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | 6.5 |
2022-09-29 | CVE-2021-40694 | Improper Encoding or Escaping of Output vulnerability in Moodle Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | 4.9 |
2022-09-29 | CVE-2021-40695 | Unspecified vulnerability in Moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | 4.3 |
2022-09-13 | CVE-2021-36568 | Cross-site Scripting vulnerability in multiple products In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). | 5.4 |
2022-07-25 | CVE-2022-35649 | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. | 9.8 |
2022-07-25 | CVE-2022-35650 | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. | 7.5 |
2022-07-25 | CVE-2022-35651 | Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. | 6.1 |
2022-07-25 | CVE-2022-35652 | Open Redirect vulnerability in multiple products An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. | 6.1 |
2022-07-25 | CVE-2022-35653 | Cross-site Scripting vulnerability in multiple products A reflected XSS issue was identified in the LTI module of Moodle. | 6.1 |