Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2022-08-16 CVE-2020-1755 Insufficient Verification of Data Authenticity vulnerability in Moodle
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
network
low complexity
moodle CWE-345
5.3
5.3
2022-08-16 CVE-2020-1756 Improper Input Validation vulnerability in Moodle
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
network
low complexity
moodle CWE-20
7.2
7.2
2022-08-05 CVE-2020-1691 Cross-site Scripting vulnerability in Moodle 3.8.0
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
network
low complexity
moodle CWE-79
5.4
5.4
2022-08-05 CVE-2020-1754 Incorrect Permission Assignment for Critical Resource vulnerability in Moodle
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
network
low complexity
moodle CWE-732
4.3
4.3
2022-07-25 CVE-2022-35649 Improper Input Validation vulnerability in multiple products
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code.
network
low complexity
moodle fedoraproject CWE-20
critical
 9.8
9.8
2022-07-25 CVE-2022-35650 Improper Input Validation vulnerability in multiple products
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions.
network
low complexity
moodle fedoraproject CWE-20
7.5
7.5
2022-07-25 CVE-2022-35651 Cross-site Scripting vulnerability in multiple products
A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details.
network
low complexity
moodle redhat fedoraproject CWE-79
6.1
6.1
2022-07-25 CVE-2022-35652 Open Redirect vulnerability in multiple products
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature.
network
low complexity
moodle fedoraproject CWE-601
6.1
6.1
2022-07-25 CVE-2022-35653 Cross-site Scripting vulnerability in multiple products
A reflected XSS issue was identified in the LTI module of Moodle.
network
low complexity
moodle fedoraproject redhat CWE-79
6.1
6.1
2022-05-18 CVE-2022-30597 A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
network
low complexity
moodle redhat fedoraproject
5.3
5.3