moodle

629 tracked vulnerabilities.

CVE-2022-35652 MEDIUM
Moodle 3.9.0-3.9.14 and 4.0-4.0.1 - Open Redirect via Mobile Auto-Login Feature
Jul 25, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-35651 MEDIUM
Moodle 3.9.0-3.9.14 - Stored Cross-Site Scripting and Blind Server-Side Request Forgery in SCORM Track Details
Jul 25, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-35650 HIGH
Moodle 3.9.0-3.9.14 - Authenticated Path Traversal via Lesson Question Import
Jul 25, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-35649 CRITICAL
Moodle - Remote Code Execution via Ghostscript PostScript Parsing
Jul 25, 2022
CVSS 9.8
EPSS 0.07
CVE-2022-30600 CRITICAL
Moodle 3.9-3.9.13 and 4.0 - Account Lockout Bypass via Incorrect Failed Login Calculation
May 18, 2022
CVSS 9.8
EPSS 0.07
CVE-2022-30599 CRITICAL
Moodle 3.9-3.9.13 and 4.0 - SQL Injection in Badges Criteria Configuration
May 18, 2022
CVSS 9.8
EPSS 0.02
CVE-2022-30598 MEDIUM
Moodle 3.9-3.9.13 and 4.0 - Exposure of Sensitive Information via Global Search
May 18, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-30597 MEDIUM
Moodle - Info Disclosure
May 18, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-30596 MEDIUM
Moodle 3.9-3.9.13 and 4.0 - Stored Cross-Site Scripting in Bulk Marker Allocation
May 18, 2022
CVSS 5.4
EPSS 0.01
CVE-2022-0984 MEDIUM
Moodle 3.9.0-3.9.12 and 3.11.0-3.11.5 - Incorrect Authorization in Badge Criteria Configuration
Apr 29, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0985 MEDIUM
moodle <3.9.13 and 3.11.0-3.11.6 - Improper Authentication in User Deletion
Apr 29, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0983 HIGH
moodle 3.9.0-3.9.12 and 3.11.0-3.11.5 - Authenticated SQL Injection in Badges Criteria Configuration
Mar 25, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-0335 HIGH
Moodle < 3.8.9 and 3.11 < 3.11.5 - Cross-Site Request Forgery in Badge Alignment Deletion
Jan 25, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-0334 MEDIUM
Moodle <3.11.4-3.10.8-3.9.11 - Info Disclosure
Jan 25, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-0333 LOW
Moodle <3.11.4-3.10.8-3.9.11 - Privilege Escalation
Jan 25, 2022
CVSS 3.8
EPSS 0.00
CVE-2022-0332 CRITICAL
Moodle 3.11.0-3.11.4 - SQL Injection via H5P Activity Web Service
Jan 25, 2022
CVSS 9.8
EPSS 0.03
CVE-2021-47857 HIGH
Moodle 3.10.3 - Stored Cross-Site Scripting in Calendar Event Subtitle Field
Jan 21, 2026
CVSS 7.2
EPSS 0.00
CVE-2021-27131 MEDIUM
Moodle 3.10.1 - Stored Cross-Site Scripting via Header and Footer Additional HTML Section
May 16, 2023
CVSS 5.4
EPSS 0.00
CVE-2021-36403 MEDIUM
Moodle < 3.9.8 and 3.11.0-beta-3.11.1 - Phishing Risk via Hidden Email Notification Link
Mar 06, 2023
CVSS 5.3
EPSS 0.00
CVE-2021-36402 MEDIUM
Moodle < 3.9.8 and 3.11.0-beta-3.11.1 - Improper Input Validation in Account Confirmation Email
Mar 06, 2023
CVSS 5.3
EPSS 0.00
CVE-2021-36401 MEDIUM
Moodle < 3.9.8 and 3.11.0-beta-3.11.1 - Stored Cross-Site Scripting in ID Number Export
Mar 06, 2023
CVSS 4.8
EPSS 0.00
CVE-2021-36400 MEDIUM
Moodle <3.9.8 and 3.11.0-beta-3.11.1 - Authorization Bypass in Calendar URL Subscription Removal
Mar 06, 2023
CVSS 5.3
EPSS 0.00
CVE-2021-36399 MEDIUM
Moodle 3.11.0-beta - Stored Cross-Site Scripting in Quiz Override ID Number Display
Mar 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2021-36398 MEDIUM
moodle 3.11 - Stored Cross-Site Scripting in Web Service Token List
Mar 06, 2023
CVSS 5.4
EPSS 0.01
CVE-2021-36397 MEDIUM
Moodle < 3.9.8 and 3.11.0-beta-3.11.1 - Incorrect Default Permissions
Mar 06, 2023
CVSS 5.3
EPSS 0.00
Products
moodle 624 Jmol Plugin 2 Moodle LMS 1 saml_authentication 1 virtual_programming_lab 1
Quick Filters
Critical CVEs With Exploits In CISA KEV