22 matches found
EUVD-2022-6545
Malicious code in bioql PyPI...
BIT-MOODLE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
BIT-MOODLE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
Moodle 3.8.x < 3.8.7 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.16, 3.8.x prior to 3.8.7, 3.9.x prior to 3.9.4 or 3.10.x prior to 3.10.1. It is, therefore, affected by multiple vulnerabilities: - A client-side Denial of Service DoS attack due to the lack of character limit when sending...
Moodle 3.8.x < 3.8.8 Multiple Vulnerabilities
The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...
Moodle XSS Vulnerability
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
GHSA-CWHP-RQFR-8462 Moodle XSS Vulnerability
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
Cross site scripting
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
CVE-2021-32473
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
Cross site scripting
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
Open redirect
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected...
CVE-2021-32474
CVE-2021-32474 is an SQL injection vulnerability in Moodle when MNet is enabled, exploitable via an XML-RPC call from a connected peer. The issue requires site administrator access or access to the keypair. Affected Moodle versions include 3.10 up to 3.10.3, 3.9 up to 3.9.6, 3.8 up to 3.8.8, 3.5 ...
CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected...
PT-2021-3112 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.8 to 3.8.8 Moodle versions 3.9 to 3.9.6 Moodle versions 3.10 to 3.10.3 Description: The issue is related to information disclosure. Exploitation of this issue could allow a remote attacker to gain unauthorized access to...
Moodle 3.8 Arbitary File Upload
Exploit Title: Moodle 3.8 - Unrestricted File Upload Date: 2019-09-08 Exploit Author: Sirwan Veisi Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... Tested on: Moodle Version 3.8 CWE : CWE-434 I found an...