Vulnerabilities > Moodle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-16 | CVE-2020-14321 | Incorrect Authorization vulnerability in Moodle In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | 8.8 |
| 2022-08-16 | CVE-2020-14322 | Allocation of Resources Without Limits or Throttling vulnerability in Moodle In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | 7.5 |
| 2022-07-25 | CVE-2022-35649 | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. | 9.8 |
| 2022-07-25 | CVE-2022-35650 | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. | 7.5 |
| 2022-07-25 | CVE-2022-35651 | Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. | 6.1 |
| 2022-07-25 | CVE-2022-35652 | Open Redirect vulnerability in multiple products An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. | 6.1 |
| 2022-07-25 | CVE-2022-35653 | Cross-site Scripting vulnerability in multiple products A reflected XSS issue was identified in the LTI module of Moodle. | 6.1 |
| 2022-05-18 | CVE-2022-30597 | A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | 5.3 |
| 2022-05-18 | CVE-2022-30598 | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | 4.3 |
| 2022-05-18 | CVE-2022-30599 | SQL Injection vulnerability in multiple products A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | 9.8 |