Lucene search
K

21 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-21809

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to comma...

9.1CVSS7.9AI score0.24173EPSS
Exploits7References2
OSV
OSV
added 2024/03/06 11:10 a.m.16 views

BIT-MOODLE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS6.6AI score0.01047EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:9 a.m.22 views

BIT-MOODLE-2021-32477

The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability site administrators by default. Moodle versions 3.10 to 3.10.3 are affected...

4.3CVSS5.5AI score0.00708EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.29 views

Moodle 3.10.x < 3.10.8 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.11, 3.10.x prior to 3.10.8 or 3.11.x prior to 3.11.4. It is, therefore, affected by multiple vulnerabilities: - A Remote Code Execution when restoring malformed backup files. CVE-2021-3943 - A vulnerable version of mlbackend...

9.8CVSS7.2AI score0.02383EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.35 views

Moodle 3.10.x < 3.10.1 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.16, 3.8.x prior to 3.8.7, 3.9.x prior to 3.9.4 or 3.10.x prior to 3.10.1. It is, therefore, affected by multiple vulnerabilities: - A client-side Denial of Service DoS attack due to the lack of character limit when sending...

7.2CVSS5.8AI score0.01572EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.103 views

Moodle 3.10.x < 3.10.11 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.14, 3.10.x prior to 3.10.11, 3.11.x prior to 3.11.7 or 4.0.x prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability in ID numbers displayed when bulk...

9.8CVSS7.4AI score0.04881EPSS
Exploits1References10
NVD
NVD
added 2022/03/11 6:15 p.m.31 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.4CVSS0.00569EPSS
Exploits0References1
NVD
NVD
added 2022/03/11 6:15 p.m.35 views

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS0.0089EPSS
Exploits0References1
OSV
OSV
added 2022/03/11 6:15 p.m.24 views

CVE-2021-32474

An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions...

7.2CVSS7.6AI score
Exploits0References1
OSV
OSV
added 2022/03/11 6:15 p.m.26 views

CVE-2021-32473

It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.3CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2022/03/11 6:15 p.m.25 views

Cross site scripting

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

3.5CVSS5AI score0.00569EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/11 6:15 p.m.24 views

Design/Logic Flaw

The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability site administrators by default. Moodle versions 3.10 to 3.10.3 are affected...

4CVSS4.4AI score0.00708EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/11 6:15 p.m.24 views

Open redirect

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

4.3CVSS5.8AI score0.01157EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/11 5:54 p.m.32 views

CVE-2021-32473

It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.8AI score0.00993EPSS
Exploits0References1
CVE
CVE
added 2022/03/11 5:54 p.m.103 views

CVE-2021-32474

CVE-2021-32474 is an SQL injection vulnerability in Moodle when MNet is enabled, exploitable via an XML-RPC call from a connected peer. The issue requires site administrator access or access to the keypair. Affected Moodle versions include 3.10 up to 3.10.3, 3.9 up to 3.9.6, 3.8 up to 3.8.8, 3.5 ...

7.2CVSS6.7AI score0.0089EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/11 5:54 p.m.31 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.6AI score0.00569EPSS
Exploits0References1
CVE
CVE
added 2022/03/11 5:54 p.m.95 views

CVE-2021-32475

CVE-2021-32475 affects Moodle versions 3.10.0–3.10.3, 3.9.0–3.9.6, 3.8.0–3.8.8, and 3.5–3.5.17 (and older unsupported) where IDs shown in the quiz grading report could be stored XSS vectors due to insufficient sanitization. The issue is a stored XSS in the quiz grading report ID display. The conn...

5.4CVSS5.4AI score0.00569EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/06/23 10:15 p.m.30 views

Command injection

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities...

9CVSS9.2AI score0.24173EPSS
Exploits7References2Affected Software1
CVE
CVE
added 2021/06/23 9:25 p.m.181 views

CVE-2021-21809

CVE-2021-21809 affects Moodle 3.10’s default legacy spellchecker plugin. A specially crafted sequence of HTTP requests can cause remote command execution, with exploitation requiring administrator privileges. Multiple feeds (NVD/NIST, CIRCL, and Nessus plugins) corroborate a command-injection/rem...

9.1CVSS9.1AI score0.24173EPSS
Exploits7References2Affected Software1
Talos
Talos
added 2021/06/22 12:0 a.m.145 views

Moodle spellchecker plugin command execution vulnerability

Summary A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities. Tested Versions Moodle 3.10 Product...

9.1CVSS9.7AI score0.24173EPSS
Exploits7
Rows per page
Query Builder