31 matches found
Cross-site Scripting (XSS)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient sanitization of URL parameters in the policy tool return URL. An attacker can execute arbitrary client-side scripts or disclose sensitive information by...
Improper Handling of Insufficient Permissions or Privileges
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the LTI Provider available to suspended users. An attacker can gain unauthorized access to the system and perform actions or access...
Cross-site Scripting (XSS)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient checks on user-provided data in the formula editor's arithmetic expression fields. An attacker can execute arbitrary scripts in the context of another user'...
Brute Force
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Brute Force via the confirmation email web service. An attacker can gain unauthorized access to sensitive information by sending repeated authentication attempts without proper rate limiting, enabli...
Fedora: Security Advisory (FEDORA-2025-d50e995e7d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 42 : moodle (2025-83ab16425f)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-83ab16425f advisory. 4.5.5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...
Fedora: Security Advisory (FEDORA-2025-83ab16425f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 41 : moodle (2025-622bed7e7a)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-622bed7e7a advisory. 4.4.9. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for these...
Fedora 42 : moodle (2025-ccb1a36fcb)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ccb1a36fcb advisory. Latest updates. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
Fedora: Security Advisory (FEDORA-2024-ddb5f7c0a3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Cross-site Scripting (XSS)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization of the return URL in the policy tool. An attacker can inject malicious scripts that may be executed in the context of the user's browser...
Cross-site Scripting (XSS)
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing sanitization in the question bank filter. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious scrip...
Exposure of Sensitive Information Through Metadata
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata via the tag search page or in the tags block which allows users to discover tags that are not expected to be visible. Remediation: Upgrade...
Fedora: Security Advisory (FEDORA-2024-bdda1791b5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora 40 : moodle (2024-bdda1791b5)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bdda1791b5 advisory. Multiple CVE fixes. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient access control checks in the process of fetching course badges. Remediation: Upgrade moodle/moodle to version 4.4.4 or higher. References: GitHub Commit -...
Access Control Bypass
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Access Control Bypass due to insufficient permission checks during the account deletion process. Remediation: Upgrade moodle/moodle to version 4.1.13, 4.2.10, 4.3.7, 4.4.3 or higher. References: ...
Improper Authentication
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Improper Authentication due to a loose comparison in the password-checking logic to access the Lesson activity. Note: This only affects passwords that are set to "magic hash" values. Workaround: User...
Information Exposure
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure via dynamic tables. Remediation: Upgrade moodle/moodle to version 4.1.13, 4.2.10, 4.3.7, 4.4.3 or higher. References: Git Commit - GitHub Commit - Moodle Forum - Red Hat Bugzill...
Information Exposure
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure via the sendinstantmessages function. An attacker can gain access to user names they should not have access to by exploiting this error message handling. Remediation: Upgrade...