Vulnerabilities > Moodle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2021-36395 | Uncontrolled Recursion vulnerability in Moodle In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | 7.5 |
| 2023-03-06 | CVE-2021-36396 | Server-Side Request Forgery (SSRF) vulnerability in Moodle In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | 7.5 |
| 2023-02-17 | CVE-2023-23923 | Unspecified vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. | 8.2 |
| 2022-10-06 | CVE-2022-2986 | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | 8.8 |
| 2022-09-30 | CVE-2022-40313 | Cross-site Scripting vulnerability in multiple products Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | 7.1 |
| 2022-08-16 | CVE-2020-14321 | Incorrect Authorization vulnerability in Moodle In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | 8.8 |
| 2022-08-16 | CVE-2020-14322 | Allocation of Resources Without Limits or Throttling vulnerability in Moodle In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | 7.5 |
| 2022-08-16 | CVE-2020-1756 | Improper Input Validation vulnerability in Moodle In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | 7.2 |
| 2022-07-25 | CVE-2022-35650 | Improper Input Validation vulnerability in multiple products The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. | 7.5 |
| 2022-03-25 | CVE-2022-0983 | SQL Injection vulnerability in multiple products An SQL injection risk was identified in Badges code relating to configuring criteria. | 8.8 |