The version of Moodle installed on the remote host is 3.9.x prior to 3.9.16, 3.11.x prior to 3.11.9 or 4.0.x prior to 4.0.3. It is, therefore, affected by multiple vulnerabilities:
A vulnerable version of the Mustache template library included in Moodle. (CVE-2022-0323)
A Cross-Site Request Forgery (CSRF) vulnerability due to the lack of token check when enabling and disabled installed H5P libraries. (CVE-2022-2986)
Note that the scanner has not attempted to exploit this issue but has instead relied only on application’s self-reported version number.
No source data