Vulnerabilities > Moodle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-45150 | Cross-site Scripting vulnerability in multiple products A reflected cross-site scripting vulnerability was discovered in Moodle. | 6.1 |
| 2022-11-23 | CVE-2022-45151 | Cross-site Scripting vulnerability in multiple products The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. | 5.4 |
| 2022-09-30 | CVE-2022-40316 | Missing Authorization vulnerability in multiple products The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to. | 4.3 |
| 2022-09-29 | CVE-2021-40691 | Unspecified vulnerability in Moodle A session hijack risk was identified in the Shibboleth authentication plugin. | 4.3 |
| 2022-09-29 | CVE-2021-40692 | Incorrect Authorization vulnerability in Moodle Insufficient capability checks made it possible for teachers to download users outside of their courses. | 4.3 |
| 2022-09-29 | CVE-2021-40693 | Improper Authentication vulnerability in Moodle An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | 6.5 |
| 2022-09-29 | CVE-2021-40694 | Improper Encoding or Escaping of Output vulnerability in Moodle Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | 4.9 |
| 2022-09-29 | CVE-2021-40695 | Unspecified vulnerability in Moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | 4.3 |
| 2022-09-13 | CVE-2021-36568 | Cross-site Scripting vulnerability in multiple products In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). | 5.4 |
| 2022-07-25 | CVE-2022-35651 | Cross-site Scripting vulnerability in multiple products A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. | 6.1 |