CVSS3: 8.4 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
AI Score: 6.5 Medium (Confidence: High)
Vulnerability in the Moodle virtual learning environment related to improper validation of allowed event types in the calendar web service. Exploitation of the vulnerability could allow an attacker acting remotely to create events with types/audience for which they did not have permission to publish.
Vulnerability in the Moodle virtual learning environment related to the lack of a required token in the logout function in MFA. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
Vulnerability in the Moodle virtual learning environment related to the lack of additional cleanup to prevent a stored XSS risk. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a cross-site scripting (XSS) attack.
Moodle virtual learning environment vulnerability due to misconfiguration of the shared hosting environment to the content of others with access to restore database activity modules. Exploitation of the vulnerability could allow an attacker acting remotely to perform a local file inclusion.
Vulnerability in the Moodle virtual learning environment due to the lack of the necessary token in the administrator's tools to prevent CSRF risk. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality, integrity, and availability of protected information.
A vulnerability in the Moodle virtual learning environment related to the insecure use of the referrer URLs used by MFA. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
A vulnerability in the Moodle virtual learning environment related to manipulation of the config_log_created argument. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a cross-site scripting attack.
Moodle virtual learning environment vulnerability related to misconfiguration of the shared hosting environment to the content of others with access to restore workshop modules. Exploitation of the vulnerability could allow an attacker acting remotely to perform a local file inclusion.
A vulnerability in the Moodle virtual learning environment related to the cURL wrapper, which preserved the original request headers when performing redirects. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information.
Moodle virtual learning environment vulnerability due to misconfiguration of the shared hosting environment to the content of others with access to restore wiki modules. Exploitation of the vulnerability could allow an attacker acting remotely to perform a local file inclusion.
Vulnerability in the Moodle virtual learning environment due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to perform a cross-site scripting (XSS) attack.
Moodle virtual learning environment vulnerability related to cross-site request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality, integrity and availability of protected information.
Moodle virtual learning environment vulnerability due to misconfiguration of the shared hosting environment to the content of others with access to restore feedback modules. Exploitation of the vulnerability could allow an attacker acting remotely to perform a local file inclusion.
Vulnerability in the Moodle virtual learning environment due to insufficient validation of ReCAPTCHA enablement. Exploitation of the vulnerability could allow an attacker acting remotely to bypass checks on login.