Vulnerabilities > Moodle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-06 | CVE-2021-36403 | Unspecified vulnerability in Moodle In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | 5.3 |
| 2023-03-06 | CVE-2021-36397 | Unspecified vulnerability in Moodle In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | 5.3 |
| 2023-03-06 | CVE-2021-36398 | Cross-site Scripting vulnerability in Moodle 3.11.0 In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | 5.4 |
| 2023-03-06 | CVE-2021-36399 | Cross-site Scripting vulnerability in Moodle 3.11.0 In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | 5.4 |
| 2023-03-06 | CVE-2021-36400 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 5.3 |
| 2023-03-06 | CVE-2021-36401 | Cross-site Scripting vulnerability in Moodle In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | 4.8 |
| 2023-02-17 | CVE-2023-23921 | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. | 6.1 |
| 2023-02-17 | CVE-2023-23922 | Cross-site Scripting vulnerability in Moodle The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. | 6.1 |
| 2023-01-12 | CVE-2022-39183 | Open Redirect vulnerability in Moodle Saml Authentication Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | 6.1 |
| 2022-11-23 | CVE-2022-45149 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. | 5.4 |