Vulnerabilities > Moodle > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-18 CVE-2024-48896 Information Exposure Through an Error Message vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-209
4.3
4.3
2024-11-18 CVE-2024-48897 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-863
4.3
4.3
2024-11-18 CVE-2024-48898 Missing Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-862
4.3
4.3
2024-11-18 CVE-2024-48901 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-863
4.3
4.3
2024-06-24 CVE-2024-34312 Cross-site Scripting vulnerability in Moodle Virtual Programming LAB
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js.
network
low complexity
moodle CWE-79
6.1
6.1
2024-02-19 CVE-2024-25979 The URL parameters accepted by forum search were not limited to the allowed parameters.
network
low complexity
moodle fedoraproject
5.3
5.3
2024-02-19 CVE-2024-25980 Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups.
network
low complexity
moodle fedoraproject
5.3
5.3
2024-02-19 CVE-2024-25981 Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups.
network
low complexity
moodle fedoraproject
5.3
5.3
2024-02-19 CVE-2024-25983 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
network
low complexity
moodle fedoraproject CWE-639
5.3
5.3
2023-11-09 CVE-2023-5541 Cross-site Scripting vulnerability in Moodle
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
network
low complexity
moodle CWE-79
6.1
6.1