Vulnerabilities > Moodle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-29 | CVE-2021-40692 | Incorrect Authorization vulnerability in Moodle: Insufficient capability checks made it possible for teachers to download users outside of their courses. | 4.3 |
2022-09-29 | CVE-2021-40693 | Improper Authentication vulnerability in Moodle: An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | 6.5 |
2022-09-29 | CVE-2021-40694 | Improper Encoding or Escaping of Output vulnerability in Moodle: Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | 4.9 |
2022-09-29 | CVE-2021-40695 | Unspecified vulnerability in Moodle: It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | 4.3 |
2022-09-13 | CVE-2021-36568 | Cross-site Scripting vulnerability in multiple products: In certain Moodle products, after creating a course, it is possible to add a resource to an arbitrary "Topic", in this case a "Database" with the type "Text", whose "Field name" and "Field description" values are vulnerable to stored cross-site scripting (XSS). | 5.4 |
2022-08-16 | CVE-2020-14320 | Cross-site Scripting vulnerability in Moodle: In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | 6.1 |
2022-08-16 | CVE-2020-1755 | Insufficient Verification of Data Authenticity vulnerability in Moodle: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. | 5.3 |
2022-08-05 | CVE-2020-1691 | Cross-site Scripting vulnerability in Moodle 3.8.0: In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | 5.4 |
2022-08-05 | CVE-2020-1754 | Incorrect Permission Assignment for Critical Resource vulnerability in Moodle: In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups. | 4.3 |
2022-07-25 | CVE-2022-35651 | Cross-site Scripting vulnerability in multiple products: A stored XSS and blind SSRF vulnerability was found in Moodle; it occurs due to insufficient sanitization of user-supplied data in the SCORM track details. | 6.1 |