Vulnerabilities > Moodle > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-30 CVE-2022-40313 Cross-site Scripting vulnerability in multiple products
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
network
low complexity
moodle fedoraproject CWE-79
7.1
7.1
2022-08-16 CVE-2020-14321 Incorrect Authorization vulnerability in Moodle
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
network
low complexity
moodle CWE-863
8.8
8.8
2022-08-16 CVE-2020-14322 Allocation of Resources Without Limits or Throttling vulnerability in Moodle
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
network
low complexity
moodle CWE-770
7.5
7.5
2022-07-25 CVE-2022-35650 Improper Input Validation vulnerability in multiple products
The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions.
network
low complexity
moodle fedoraproject CWE-20
7.5
7.5
2022-03-25 CVE-2022-0983 SQL Injection vulnerability in multiple products
An SQL injection risk was identified in Badges code relating to configuring criteria.
network
low complexity
moodle fedoraproject CWE-89
8.8
8.8
2022-03-11 CVE-2021-32476 Allocation of Resources Without Limits or Throttling vulnerability in Moodle
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits.
network
low complexity
moodle CWE-770
7.5
7.5
2022-01-25 CVE-2022-0332 SQL Injection vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4.
network
low complexity
moodle CWE-89
7.5
7.5
2022-01-25 CVE-2022-0335 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions.
network
low complexity
moodle CWE-352
8.8
8.8
2021-11-22 CVE-2021-43559 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions.
network
low complexity
moodle fedoraproject CWE-352
8.8
8.8
2021-01-28 CVE-2021-20187 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Moodle
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
network
low complexity
moodle CWE-829
7.2
7.2