Vulnerabilities > Moodle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-09 | CVE-2023-5547 | Cross-site Scripting vulnerability in multiple products. The course upload preview contained an XSS risk for users uploading unsafe data. | 6.1 |
2023-11-09 | CVE-2023-5548 | Insufficient Verification of Data Authenticity vulnerability in multiple products. Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. | 5.3 |
2023-11-09 | CVE-2023-5549 | Improper Privilege Management vulnerability in multiple products. Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. | 5.3 |
2023-10-29 | CVE-2023-46858 | Cross-site Scripting vulnerability in Moodle 4.3.0. Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. | 5.4 |
2023-06-22 | CVE-2023-35131 | Cross-site Scripting vulnerability in Moodle. Content on the groups page required additional sanitizing to prevent an XSS risk. | 6.1 |
2023-06-22 | CVE-2023-35132 | SQL Injection vulnerability in Moodle. A limited SQL injection risk was identified on the Mnet SSO access control page. | 6.3 |
2023-05-16 | CVE-2021-27131 | Cross-site Scripting vulnerability in Moodle 3.10.1. Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. | 5.4 |
2023-05-02 | CVE-2023-30943 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in multiple products. A vulnerability was found in Moodle which exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. | 5.3 |
2023-03-24 | CVE-2022-40208 | Unspecified vulnerability in Moodle. In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt. | 4.3 |
2023-03-23 | CVE-2023-1402 | Exposure of Resource to Wrong Sphere vulnerability in Moodle. The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | 4.3 |