Vulnerabilities > Moodle > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-09-17 CVE-2018-14631 Cross-site Scripting vulnerability in Moodle
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered.
network
low complexity
moodle CWE-79
6.1
6.1
2018-07-10 CVE-2018-10890 Information Exposure vulnerability in Moodle
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13.
network
low complexity
moodle CWE-200
5.3
5.3
2018-07-10 CVE-2018-10889 Information Exposure Through Log Files vulnerability in Moodle
A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7.
network
low complexity
moodle CWE-532
5.3
5.3
2018-05-25 CVE-2018-1136 Cross-site Scripting vulnerability in Moodle
An issue was discovered in Moodle 3.x.
network
low complexity
moodle CWE-79
4.3
4.3
2018-05-25 CVE-2018-1135 Information Exposure vulnerability in Moodle
An issue was discovered in Moodle 3.x.
network
low complexity
moodle CWE-200
6.5
6.5
2018-05-25 CVE-2018-1134 Improper Privilege Management vulnerability in Moodle
An issue was discovered in Moodle 3.x.
network
low complexity
moodle CWE-269
6.5
6.5
2018-04-04 CVE-2018-1081 Unspecified vulnerability in Moodle
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions.
network
low complexity
moodle
5.3
5.3
2018-01-22 CVE-2018-1045 Cross-site Scripting vulnerability in Moodle
In Moodle 3.x, there is XSS via a calendar event name.
network
low complexity
moodle CWE-79
5.4
5.4
2018-01-22 CVE-2018-1044 Information Exposure vulnerability in Moodle
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
network
low complexity
moodle CWE-200
4.3
4.3
2018-01-22 CVE-2018-1043 Unspecified vulnerability in Moodle
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
network
low complexity
moodle
6.5
6.5