moodle

629 tracked vulnerabilities.

CVE-2019-3851 MEDIUM
Moodle <3.6.3-3.5.5 - Info Disclosure
Mar 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-3850 MEDIUM
moodle < 3.1.17 - Open Redirect via Assignment Submission Comment Links
Mar 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-3849 HIGH
moodle < 3.4.8 - Unauthenticated Privilege Escalation via LTI Request Tampering
Mar 26, 2019
CVSS 8.8
EPSS 0.00
CVE-2019-3848 MEDIUM
moodle < 3.4.8 - Incorrect Authorization in Calendar Event Modal
Mar 26, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-3810 MEDIUM
moodle 3.1.0-3.1.15 3.6.0-3.6.1 - Cross-Site Scripting in User Profile Image Hover Text
Mar 25, 2019
CVSS 6.1
EPSS 0.08
CVE-2019-3809 MEDIUM
Moodle 3.1.0-3.1.15 - Server-Side Request Forgery via MyBackpack Badge URL
Mar 25, 2019
CVSS 6.5
EPSS 0.00
CVE-2019-3808 MEDIUM
Moodle 3.1.0-3.1.14, 3.4.0-3.4.5, 3.5.0-3.5.2, 3.6.0-3.6.1 - Cross-Site Scripting via Manage Groups Capability
Mar 25, 2019
CVSS 5.4
EPSS 0.00
CVE-2019-6970 HIGH
Moodle 3.5.0-3.5.3 - Server-Side Request Forgery
Mar 21, 2019
CVSS 7.5
EPSS 0.00
CVE-2018-16854 MEDIUM
moodle <3.0.10, 3.1-3.1.14 - Cross-Site Request Forgery in Login Form
Nov 26, 2018
CVSS 6.5
EPSS 0.01
CVE-2018-14631 HIGH
Moodle <3.5.2-3.4.5-3.3.8 - Reflected XSS
Sep 17, 2018
CVSS 8.8
EPSS 0.00
CVE-2018-14630 HIGH
moodle <3.0.10, 3.5.0-3.5.2 - Remote Code Execution via XML Import of ddwtos Quiz Questions
Sep 17, 2018
CVSS 8.8
EPSS 0.02
CVE-2018-10891 HIGH
moodle 3.1-3.1.12, 3.5.0 - Stored Cross-Site Scripting in Quiz Question Bank Import
Jul 10, 2018
CVSS 7.3
EPSS 0.00
CVE-2018-10890 MEDIUM
moodle < 3.1.13 - Exposure of Sensitive Information via Web Service
Jul 10, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-10889 MEDIUM
moodle 3.3.0-3.3.6, 3.5.0 - Sensitive Information Disclosure in Data Privacy Export Logs
Jul 10, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-1137 HIGH
Moodle 3.1.0-3.1.11 - Unauthenticated Denial of Service via Portfolio URL Substitution
May 25, 2018
CVSS 8.1
EPSS 0.00
CVE-2018-1136 MEDIUM
Moodle 3.1.0-3.1.11 and 3.1-3.1.12 - Authenticated Stored Cross-Site Scripting via Dashboard HTML Block
May 25, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-1135 MEDIUM
Moodle 3.1.0-3.1.11 - Unauthenticated Exposure of Sensitive Information via Forum Post Export
May 25, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-1134 MEDIUM
Moodle 3.1.0-3.1.11 and 3.1-3.1.12 - Unauthenticated Arbitrary File Download via Portfolio Export URL
May 25, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-1133 HIGH
Moodle 3.1.0-3.1.11, 3.1-3.1.12 - Remote Code Execution via Calculated Question Eval Injection
May 25, 2018
CVSS 8.8
EPSS 0.54
CVE-2018-1082 HIGH
Moodle 3.3.0-3.3.4 and 3.4.0-3.4.1 - Improper Authentication
Apr 04, 2018
CVSS 8.1
EPSS 0.02
CVE-2018-1081 MEDIUM
Moodle < 3.0.10, 3.1-3.1.10 - Unauthenticated Email Spam via PayPal IPN Callback
Apr 04, 2018
CVSS 5.3
EPSS 0.01
CVE-2018-1045 MEDIUM
Moodle < 3.1.9 and 3.3-3.3.4 - Cross-Site Scripting via Calendar Event Name
Jan 22, 2018
CVSS 5.4
EPSS 0.00
CVE-2018-1044 MEDIUM
Moodle 3.x < 3.1.9 and 3.1-3.1.10 - Unauthorized Exposure of Quiz Results
Jan 22, 2018
CVSS 4.3
EPSS 0.00
CVE-2018-1043 MEDIUM
Moodle 3.2-3.2.6 - Host Blocking Bypass via Multiple A Record Hostnames
Jan 22, 2018
CVSS 6.5
EPSS 0.00
CVE-2018-1042 MEDIUM
Moodle < 3.1.9 and 3.4-3.4.1 - Server-Side Request Forgery via Filepicker
Jan 22, 2018
CVSS 6.5
EPSS 0.13
Products
moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1
Quick Filters
Critical CVEs With Exploits In CISA KEV