Vulnerabilities > Moodle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-22 | CVE-2018-1045 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, there is XSS via a calendar event name. | 3.5 |
| 2018-01-22 | CVE-2018-1044 | Information Exposure vulnerability in Moodle In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. | 4.0 |
| 2018-01-22 | CVE-2018-1043 | Unspecified vulnerability in Moodle In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. | 4.0 |
| 2018-01-22 | CVE-2018-1042 | Server-Side Request Forgery (SSRF) vulnerability in Moodle Moodle 3.x has Server Side Request Forgery in the filepicker. | 4.0 |
| 2017-11-20 | CVE-2017-15110 | Information Exposure vulnerability in Moodle In Moodle 3.x, students can find out email addresses of other students in the same course. | 4.0 |
| 2017-09-18 | CVE-2017-12157 | Information Exposure vulnerability in Moodle In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access. | 4.0 |
| 2017-09-18 | CVE-2017-12156 | Cross-site Scripting vulnerability in Moodle Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | 4.3 |
| 2017-07-17 | CVE-2017-7532 | Improper Privilege Management vulnerability in Moodle In Moodle 3.x, course creators are able to change system default settings for courses. | 4.0 |
| 2017-07-17 | CVE-2017-7531 | Information Exposure vulnerability in Moodle 3.3.0 In Moodle 3.3, the course overview block reveals activities in hidden courses. | 4.0 |
| 2017-07-17 | CVE-2017-2642 | Information Exposure vulnerability in Moodle Moodle 3.x has user fullname disclosure on the user preferences page. | 4.0 |