4.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-23	CVE-2022-45151	Cross-site Scripting vulnerability in multiple products The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. network low complexity moodle fedoraproject CWE-79	5.4
2022-10-06	CVE-2022-2986	Cross-Site Request Forgery (CSRF) vulnerability in Moodle Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. network low complexity moodle CWE-352	8.8
2022-09-30	CVE-2022-40313	Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. network low complexity moodle fedoraproject CWE-79	7.1
2022-09-30	CVE-2022-40314	Unspecified vulnerability in Moodle A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. network low complexity moodle critical	9.8
2022-09-30	CVE-2022-40315	SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. network low complexity moodle fedoraproject CWE-89 critical	9.8
2022-09-30	CVE-2022-40316	Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. network low complexity moodle fedoraproject CWE-862	4.3
2022-07-25	CVE-2022-35649	Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. network low complexity moodle fedoraproject CWE-20 critical	9.8
2022-07-25	CVE-2022-35650	Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. network low complexity moodle fedoraproject CWE-20	7.5
2022-07-25	CVE-2022-35651	Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. network low complexity moodle redhat fedoraproject CWE-79	6.1
2022-07-25	CVE-2022-35652	Open Redirect vulnerability in multiple products An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. network low complexity moodle fedoraproject CWE-601	6.1