3.9.9

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-18	CVE-2024-48896	Information Exposure Through an Error Message vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-209	4.3
2024-11-18	CVE-2024-48897	Incorrect Authorization vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-863	4.3
2024-11-18	CVE-2024-48898	Missing Authorization vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-862	4.3
2024-11-18	CVE-2024-48901	Incorrect Authorization vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-863	4.3
2024-06-18	CVE-2024-38276	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Incorrect CSRF token checks resulted in multiple CSRF risks. network low complexity fedoraproject moodle CWE-352	8.8
2024-02-12	CVE-2024-1439	Unspecified vulnerability in Moodle Inadequate access control in Moodle LMS. local low complexity moodle	3.3
2023-11-09	CVE-2023-5539	Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. network low complexity moodle fedoraproject CWE-94	8.8
2023-11-09	CVE-2023-5540	Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. network low complexity moodle fedoraproject CWE-94	8.8
2023-11-09	CVE-2023-5541	Cross-site Scripting vulnerability in Moodle The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. network low complexity moodle CWE-79	6.1
2023-11-09	CVE-2023-5544	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. network low complexity moodle redhat fedoraproject CWE-639	5.4