Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6545

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00524EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:12 a.m.20 views

BIT-MOODLE-2020-1691

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

5.4CVSS5AI score0.00524EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:10 a.m.16 views

BIT-MOODLE-2021-32476

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

7.5CVSS6.6AI score0.01047EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.25 views

Moodle 3.8.x < 3.8.7 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.16, 3.8.x prior to 3.8.7, 3.9.x prior to 3.9.4 or 3.10.x prior to 3.10.1. It is, therefore, affected by multiple vulnerabilities: - A client-side Denial of Service DoS attack due to the lack of character limit when sending...

7.2CVSS5.8AI score0.01572EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.97 views

Moodle 3.8.x < 3.8.8 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...

6.9CVSS7.5AI score0.99019EPSS
Exploits13References13
Github Security Blog
Github Security Blog
added 2022/08/06 12:0 a.m.24 views

Moodle XSS Vulnerability

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

5.4CVSS6.4AI score0.00524EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/08/06 12:0 a.m.25 views

GHSA-CWHP-RQFR-8462 Moodle XSS Vulnerability

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

5.4CVSS5AI score0.00524EPSS
Exploits0References3
NVD
NVD
added 2022/08/05 4:15 p.m.16 views

CVE-2020-1691

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

5.4CVSS0.00524EPSS
Exploits0References1
OSV
OSV
added 2022/08/05 4:15 p.m.18 views

CVE-2020-1691

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

5.4CVSS6.1AI score
Exploits0References1
UbuntuCve
UbuntuCve
added 2022/08/05 4:15 p.m.25 views

CVE-2020-1691

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

5.4CVSS5.6AI score0.00524EPSS
Exploits0References2
Prion
Prion
added 2022/08/05 4:15 p.m.13 views

Cross site scripting

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

4.9CVSS5.2AI score0.00524EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/05 3:21 p.m.17 views

CVE-2020-1691

In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...

5.1AI score0.00524EPSS
Exploits0References1
NVD
NVD
added 2022/03/11 6:15 p.m.31 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.4CVSS0.00569EPSS
Exploits0References1
OSV
OSV
added 2022/03/11 6:15 p.m.24 views

CVE-2021-32473

It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.3CVSS6.6AI score
Exploits0References1
Prion
Prion
added 2022/03/11 6:15 p.m.25 views

Cross site scripting

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

3.5CVSS5AI score0.00569EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2022/03/11 6:15 p.m.23 views

Open redirect

The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...

4.3CVSS5.8AI score0.01157EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/03/11 5:54 p.m.102 views

CVE-2021-32474

CVE-2021-32474 is an SQL injection vulnerability in Moodle when MNet is enabled, exploitable via an XML-RPC call from a connected peer. The issue requires site administrator access or access to the keypair. Affected Moodle versions include 3.10 up to 3.10.3, 3.9 up to 3.9.6, 3.8 up to 3.8.8, 3.5 ...

7.2CVSS6.7AI score0.0089EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/11 5:54 p.m.31 views

CVE-2021-32475

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...

5.6AI score0.00569EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/05/10 12:0 a.m.4 views

PT-2021-3112 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 Description: The issue is related to information disclosure. Exploitation of this issue could allow a remote attacker to gain unauthorized access to...

9.8CVSS6AI score0.52299EPSS
Exploits19References102
Packet Storm
Packet Storm
added 2020/11/27 12:0 a.m.653 views

Moodle 3.8 Arbitary File Upload

Exploit Title: Moodle 3.8 - Unrestricted File Upload Date: 2019-09-08 Exploit Author: Sirwan Veisi Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... Tested on: Moodle Version 3.8 CWE : CWE-434 I found an...

7.4AI score
Exploits0
Rows per page
Query Builder