Vulnerabilities > Moodle > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-06 CVE-2021-36400 Authorization Bypass Through User-Controlled Key vulnerability in Moodle
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
network
low complexity
moodle CWE-639
5.3
5.3
2023-03-06 CVE-2021-36401 Cross-site Scripting vulnerability in Moodle
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
low complexity
moodle CWE-79
4.8
4.8
2023-02-17 CVE-2023-23921 Cross-site Scripting vulnerability in Moodle
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters.
network
low complexity
moodle CWE-79
6.1
6.1
2023-02-17 CVE-2023-23922 Cross-site Scripting vulnerability in Moodle
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search.
network
low complexity
moodle CWE-79
6.1
6.1
2023-01-12 CVE-2022-39183 Open Redirect vulnerability in Moodle Saml Authentication
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.
network
low complexity
moodle CWE-601
6.1
6.1
2022-11-23 CVE-2022-45149 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL.
network
low complexity
moodle fedoraproject CWE-352
5.4
5.4
2022-11-23 CVE-2022-45150 Cross-site Scripting vulnerability in multiple products
A reflected cross-site scripting vulnerability was discovered in Moodle.
network
low complexity
moodle fedoraproject CWE-79
6.1
6.1
2022-11-23 CVE-2022-45151 Cross-site Scripting vulnerability in multiple products
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields.
network
low complexity
moodle fedoraproject CWE-79
5.4
5.4
2022-09-30 CVE-2022-40316 Missing Authorization vulnerability in multiple products
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
network
low complexity
moodle fedoraproject CWE-862
4.3
4.3
2022-09-29 CVE-2021-40691 Unspecified vulnerability in Moodle
A session hijack risk was identified in the Shibboleth authentication plugin.
network
low complexity
moodle
4.3
4.3