Vulnerabilities > Moodle

DATE	CVE	VULNERABILITY TITLE	RISK
2022-11-25	CVE-2022-45152	Server-Side Request Forgery (SSRF) vulnerability in multiple products A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. network low complexity moodle fedoraproject CWE-918 critical	9.1
2022-11-23	CVE-2022-45149	Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. network low complexity moodle fedoraproject CWE-352	5.4
2022-11-23	CVE-2022-45150	Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting vulnerability was discovered in Moodle. network low complexity moodle fedoraproject CWE-79	6.1
2022-11-23	CVE-2022-45151	Cross-site Scripting vulnerability in multiple products The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. network low complexity moodle fedoraproject CWE-79	5.4
2022-10-06	CVE-2022-2986	Cross-Site Request Forgery (CSRF) vulnerability in Moodle Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. network low complexity moodle CWE-352	8.8
2022-09-30	CVE-2022-40313	Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. network low complexity moodle fedoraproject CWE-79	7.1
2022-09-30	CVE-2022-40314	Unspecified vulnerability in Moodle A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. network low complexity moodle critical	9.8
2022-09-30	CVE-2022-40315	SQL Injection vulnerability in multiple products A limited SQL injection risk was identified in the "browse list of users" site administration page. network low complexity moodle fedoraproject CWE-89 critical	9.8
2022-09-30	CVE-2022-40316	Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. network low complexity moodle fedoraproject CWE-862	4.3
2022-09-29	CVE-2021-40691	Unspecified vulnerability in Moodle A session hijack risk was identified in the Shibboleth authentication plugin. network low complexity moodle	4.3

Vulnerabilities > Moodle {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Moodle"}]}

Vulnerabilities > Moodle