52 matches found
CVE-2022-50943
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...
Moodle cross-site scripting vulnerabilities
Moodle is an open-source e-learning software platform developed by Moodle. It is also known as a course management system, learning management system, or virtual learning environment. Version 3.10.3 of Moodle contains a cross-site scripting vulnerability. This vulnerability stems from a persisten...
EUVD-2012-1200
Malware in sbrugna...
EUVD-2006-4773
Malware in sbrugna...
EUVD-2012-1190
Malware in sbrugna...
EUVD-2005-3646
Malware in sbrugna...
EUVD-2022-3328
Malicious code in bioql PyPI...
EUVD-2022-4097
Malicious code in bioql PyPI...
EUVD-2022-2303
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-7491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the number of courses displayed in the course overview block configuration...
Linux Distros Unpatched Vulnerability : CVE-2023-35133
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3,...
Moodle 5.x < 5.0.1 Reflected Cross-Site Scripting
According to its self-reported version, the Moodle install hosted on the remote host is 5.x prior to 5.0.1. It is, therefore, affected by a Reflected XSS in MathJax. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version numbe...
Authorization Bypass Through User-Controlled Key
Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to insufficient capability checks in the RSS block. An attacker can access and view additional RSS feeds by exploiting the IDOR vulnerability...
Moodle < 3.9.23 phpCAS Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23, 3.11.x prior to 3.11.16 or 4.0.x prior to 4.0.10. The phpCAS library included with Moodle has been upgraded to version 1.6.0, which includes a fix for a serious security issue. Note that the...
Moodle 4.1.x < 4.1.3 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
Moodle < 3.9.21 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
Moodle 3.11.x < 3.11.16 JQuery UI Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...
Moodle < 3.9.23 JQuery UI Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...
Moodle 4.2.x < 4.2.4 Multiple Cross-Site Scripting
According to its self-reported version, the Moodle install hosted on the remote host is 4.2.x prior to 4.2.4 or 4.3.x prior to 4.3.1. It is, therefore, affected by multiple cross-site scripting: - Reflected XSS risk on ad-hoc tasks page - Reflected XSS risk in grader report search - Stored XSS in...
Moodle 3.11.x < 3.11.14 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...