Vulnerabilities > Moodle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2021-36398 | Cross-site Scripting vulnerability in Moodle 3.11.0 In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | 5.4 |
| 2023-03-06 | CVE-2021-36399 | Cross-site Scripting vulnerability in Moodle 3.11.0 In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | 5.4 |
| 2023-03-06 | CVE-2021-36400 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 5.3 |
| 2023-03-06 | CVE-2021-36401 | Cross-site Scripting vulnerability in Moodle In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | 4.8 |
| 2023-03-06 | CVE-2021-36392 | SQL Injection vulnerability in Moodle In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 9.8 |
| 2023-03-06 | CVE-2021-36393 | SQL Injection vulnerability in Moodle In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 9.8 |
| 2023-03-06 | CVE-2021-36394 | Unspecified vulnerability in Moodle In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | 9.8 |
| 2023-03-06 | CVE-2021-36395 | Uncontrolled Recursion vulnerability in Moodle In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | 7.5 |
| 2023-03-06 | CVE-2021-36396 | Server-Side Request Forgery (SSRF) vulnerability in Moodle In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | 7.5 |
| 2023-02-17 | CVE-2023-23921 | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. | 6.1 |