Total
524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14830 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app"). | |||||
CVE-2020-25699 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Moodle, insufficient capability checks could lead to users with the ability to restore courses adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in Moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | |||||
CVE-2021-20282 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
When creating a user account, it was possible to verify the account without having access to the verification email link/secret in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | |||||
CVE-2020-25628 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | |||||
CVE-2021-20183 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 5.4 MEDIUM |
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. | |||||
CVE-2019-14882 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | |||||
CVE-2019-14884 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS was possible from some fatal error messages. | |||||
CVE-2019-14883 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline attachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token. | |||||
CVE-2019-14880 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. | |||||
CVE-2020-10738 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. | |||||
CVE-2019-14881 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in Moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. | |||||
CVE-2019-14879 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable). | |||||
CVE-2012-1159 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Moodle before 2.2.2: Overview report allows users to see hidden courses | |||||
CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-12-10 | 6.4 MEDIUM | 8.2 HIGH |
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | |||||
CVE-2012-1160 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | |||||
CVE-2012-1170 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | |||||
CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | |||||
CVE-2020-1692 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | |||||
CVE-2012-1161 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | |||||
CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Moodle before 2.2.2 has users' private files included in course backups |