30 matches found
The vulnerability of the Grade Report Handler component in the virtual learning environment Moodle allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Grade Report Handler component in the virtual training environment is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Moodle 4.0.x < 4.0.7 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.20, 3.11.x prior to 3.11.13, 4.0.x prior to 4.0.7 or 4.1.x prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - The course participation report required additional checks to...
Moodle 3.11.x < 3.11.13 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.20, 3.11.x prior to 3.11.13, 4.0.x prior to 4.0.7 or 4.1.x prior to 4.1.2. It is, therefore, affected by multiple vulnerabilities. - The course participation report required additional checks to...
BIT-MOODLE-2023-28336 Moodle: teacher can access names of users they do not have permission to access
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access...
BIT-MOODLE-2023-46858
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."...
CVE-2023-46858
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."...
Cross site scripting
DISPUTED Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students...
UBUNTU-CVE-2023-46858
DISPUTED Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students...
Moodle 4.3 Cross Site Scripting
Exploit Title: Moodle 4.3 Reflected XSS; Date: 21/10/2023; Exploit Author: tmrswrr; Vendor Homepage: https://moodle.org/; Software Demo: https://school.moodledemo.net/; Version: 4.3; Tested on: Linux; Vulnerability Details: Steps: 1. Log in to the application with the given...
Information Disclosure
Moodle is vulnerable to Information Disclosure. The vulnerability exists due to a lack of validation in the grade report history feature located in tablelog.php, allowing an attacker with the teacher role to access users they aren't authorized to view...
Moodle may allow teachers to access the names of users they could not otherwise access
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access...
GHSA-PRJM-2FJ2-787F Moodle may allow teachers to access the names of users they could not otherwise access
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access...
CVE-2023-28336
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access...
UBUNTU-CVE-2023-28336
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access...
Authorization
Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access...