Vulnerabilities > Moodle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-19 | CVE-2024-25981 | Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. | 5.3 |
| 2024-02-19 | CVE-2024-25982 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | 8.8 |
| 2024-02-19 | CVE-2024-25983 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | 5.3 |
| 2024-02-12 | CVE-2024-1439 | Unspecified vulnerability in Moodle Inadequate access control in Moodle LMS. | 3.3 |
| 2023-11-09 | CVE-2023-5543 | When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. | 3.3 |
| 2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. | 8.8 |
| 2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. | 8.8 |
| 2023-11-09 | CVE-2023-5541 | Cross-site Scripting vulnerability in Moodle The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | 6.1 |
| 2023-11-09 | CVE-2023-5542 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Students in "Only see own membership" groups could see other students in the group, which should be hidden. | 4.3 |
| 2023-11-09 | CVE-2023-5544 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | 5.4 |