Vulnerabilities > Moodle > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-04-29 | CVE-2022-0985 | Incorrect Authorization vulnerability in Moodle | Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | network | low | moodle | CWE-863 | 4.3 |
| 2022-03-11 | CVE-2021-32472 | Missing Authorization vulnerability in Moodle | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. | network | low | moodle | CWE-862 | 4.3 |
| 2022-03-11 | CVE-2021-32473 | Unspecified vulnerability in Moodle | It was possible for a student to view their quiz grade before it had been released, using a quiz web service. | network | low | moodle | | 5.3 |
| 2022-03-11 | CVE-2021-32475 | Cross-site Scripting vulnerability in Moodle | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | network | low | moodle | CWE-79 | 5.4 |
| 2022-03-11 | CVE-2021-32477 | Missing Authorization vulnerability in Moodle | The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). | network | low | moodle | CWE-862 | 4.3 |
| 2022-03-11 | CVE-2021-32478 | Unspecified vulnerability in Moodle | The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. | network | low | moodle | | 6.1 |
| 2022-01-25 | CVE-2022-0334 | Exposure of Resource to Wrong Sphere vulnerability in Moodle | A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. | network | low | moodle | CWE-668 | 4.3 |
| 2021-11-22 | CVE-2021-43558 | Cross-site Scripting vulnerability in multiple products | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | network | low | moodle, fedoraproject | CWE-79 | 6.1 |
| 2021-11-22 | CVE-2021-43560 | Exposure of Resource to Wrong Sphere vulnerability in multiple products | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. | network | low | moodle, fedoraproject | CWE-668 | 5.3 |
| 2021-06-16 | CVE-2021-32244 | Cross-site Scripting vulnerability in Moodle 3.10.3 | Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. | network | low | moodle | CWE-79 | 5.4 |