Moodle 4.2.x < 4.2.4 Multiple Vulnerabilities

According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.25 / 3.11.x prior to 3.11.18 / 4.0.x prior to 4.0.12 / 4.1.x prior to 4.1.7 / 4.2.x prior to 4.2.4. It is, therefore, affected by multiple vulnerabilities: - XSS risk when manually running a task ...

Information Exposure

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure due to improper checks of users permissions which allows an attacker to view badge recipient lists that they should not have access to. Remediation Upgrade moodle/moodle to...

CVE-2024-48900 Moodle: idor when accessing list of badge recipients

A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to...