moodle

629 tracked vulnerabilities.

CVE-2023-28336 MEDIUM
Moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Exposure of Sensitive Information via Grade Report History
Mar 23, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-28335 HIGH
Moodle 4.1.0-4.1.2 - Cross-Site Request Forgery via Database Activity Template Reset Link
Mar 23, 2023
CVSS 8.8
EPSS 0.00
CVE-2023-28334 MEDIUM
Moodle 4.0.0-4.0.6 and 4.1.0-4.1.1 - Authenticated User Enumeration via Learning Plans Page
Mar 23, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-28333 CRITICAL
Moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Code Injection via Mustache Pix Helper
Mar 23, 2023
CVSS 9.8
EPSS 0.01
CVE-2023-28332 MEDIUM
Moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Cross-Site Scripting via Algebra Filter
Mar 23, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-28331 MEDIUM
Moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Cross-Site Scripting via Database Auto-Linking Filter
Mar 23, 2023
CVSS 6.1
EPSS 0.01
CVE-2023-28330 MEDIUM
Moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Authenticated Arbitrary File Read via Backup Feature
Mar 23, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-28329 HIGH
Moodle 3.9.0-3.9.19 and 4.1.0-4.1.1 - Authenticated SQL Injection
Mar 23, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-1402 MEDIUM
Moodle - Information Disclosure via Course Participation Report
Mar 23, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-23923 HIGH
Moodle < 3.9.19 - Improper Access Control via Start Page Preference
Feb 17, 2023
CVSS 8.2
EPSS 0.00
CVE-2023-23922 MEDIUM
Moodle 4.0.0-4.0.6 - Stored Cross-Site Scripting in Blog Search
Feb 17, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-23921 MEDIUM
Moodle < 3.9.19 - Cross-Site Scripting via Return URL Parameter
Feb 17, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-50943 MEDIUM
Moodle LMS 4.0 Cross-Site Scripting via course search.php
May 10, 2026
CVSS 6.1
EPSS 0.00
CVE-2022-40208 MEDIUM
Moodle 3.9.0-3.9.15 and 4.0.0-4.0.2 - Improper Authorization in Quiz Web Services
Mar 24, 2023
CVSS 4.3
EPSS 0.00
CVE-2022-39183 MEDIUM
Moodle SAML Authentication - Open Redirect
Jan 12, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-45152 CRITICAL
Moodle < 3.9.18 - Server-Side Request Forgery via LTI Provider Library
Nov 25, 2022
CVSS 9.1
EPSS 0.00
CVE-2022-45151 MEDIUM
Moodle 3.11.0-3.11.10 - Stored Cross-Site Scripting in User Profile Fields
Nov 23, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-45150 MEDIUM
Moodle 3.9.0-3.9.17 - Reflected Cross-Site Scripting in Policy Tool
Nov 23, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-45149 MEDIUM
Moodle 3.9.0-3.9.17 - Cross-Site Request Forgery via Course Redirect URL
Nov 23, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-2986 HIGH
Moodle 3.11.0-3.11.8 - Cross-Site Request Forgery via H5P Library Toggle
Oct 06, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-40316 MEDIUM
Moodle 3.9.0-3.9.16 - Missing Authorization in H5P Activity Attempts Report
Sep 30, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-40315 CRITICAL
Moodle 3.9.0-3.9.16 - SQL Injection in User Browse Page
Sep 30, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40314 CRITICAL
Moodle < 3.9.17 - Remote Code Execution via Backup File Deserialization
Sep 30, 2022
CVSS 9.8
EPSS 0.06
CVE-2022-40313 HIGH
Moodle 3.9.0-3.9.16 - Cross-Site Scripting via Mustache Template Helper Recursive Rendering
Sep 30, 2022
CVSS 7.1
EPSS 0.00
CVE-2022-35653 MEDIUM NUCLEI
Moodle 3.9.0-3.9.14 and 4.0.0-4.0.1 - Reflected Cross-Site Scripting in LTI Module
Jul 25, 2022
CVSS 6.1
EPSS 0.84