moodle
629 tracked vulnerabilities.
CVE-2021-20282
MEDIUM
moodle 3.5.0-3.5.16 - Incorrect Authorization in User Account Verification
Mar 15, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-20281
MEDIUM
moodle 3.5.0-3.5.16 and 3.10.0-3.10.1 - Exposure of Sensitive Information via Online Users Block
Mar 15, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-20280
MEDIUM
Moodle 3.5.0-3.5.16, 3.8.0-3.8.7, 3.9.0-3.9.4, 3.10.0-3.10.1 - Stored XSS and SSRF in Text-Based Feedback
Mar 15, 2021
CVSS 5.4
EPSS 0.01
CVE-2021-20279
MEDIUM
moodle 3.5.0-3.5.16, 3.10.0-3.10.1 - Stored Cross-Site Scripting in ID Number User Profile Field
Mar 15, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-20185
MEDIUM
Moodle < 3.5.16 - Denial of Service via Large Message
Jan 28, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-20187
HIGH
Moodle < 3.5.16, 3.8.7, 3.9.4, 3.10.1 - Authenticated Remote Code Execution via Shibboleth PHP Include
Jan 28, 2021
CVSS 7.2
EPSS 0.01
CVE-2021-20186
MEDIUM
Moodle <3.5.16, 3.8-3.8.7, 3.9-3.9.4, 3.10-3.10.1 - Stored Cross-Site Scripting in TeX Notation Filter
Jan 28, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-20184
MEDIUM
Moodle <3.10.1, <3.9.4, <3.8.7 - Info Disclosure
Jan 28, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-20183
MEDIUM
Moodle < 3.10.1 and 3.10-4.0.0-beta - Reflected Cross-Site Scripting via Search Input
Jan 28, 2021
CVSS 5.4
EPSS 0.00
CVE-2020-1756
HIGH
Moodle <3.8.2-3.5.11 - Info Disclosure
Aug 16, 2022
CVSS 7.2
EPSS 0.01
CVE-2020-1755
MEDIUM
Moodle <3.8.2, <3.7.5, <3.6.9, <3.5.11 - CSRF
Aug 16, 2022
CVSS 5.3
EPSS 0.00
CVE-2020-14322
HIGH
Moodle 3.5.0-3.5.12, 3.7.0-3.7.6, 3.8.0-3.8.3, 3.9.0 - Denial of Service via YUI Combo File Loading
Aug 16, 2022
CVSS 7.5
EPSS 0.01
CVE-2020-14321
HIGH
Moodle Teacher Enrollment Privilege Escalation to RCE
Aug 16, 2022
CVSS 8.8
EPSS 0.39
CVE-2020-14320
MEDIUM
Moodle 3.7.0-3.7.6, 3.9.0 - Reflected Cross-Site Scripting in Admin Task Log Filter
Aug 16, 2022
CVSS 6.1
EPSS 0.01
CVE-2020-1754
MEDIUM
Moodle <3.8.2, <3.7.5, <3.6.9, <3.5.11 - Info Disclosure
Aug 05, 2022
CVSS 4.3
EPSS 0.00
CVE-2020-1691
MEDIUM
Moodle 3.8 - Stored Cross-Site Scripting in Conversation Overview
Aug 05, 2022
CVSS 5.4
EPSS 0.01
CVE-2020-25627
MEDIUM
moodle 3.9-3.9.1 - Stored Cross-Site Scripting in moodlenetprofile User Profile Field
Dec 09, 2020
CVSS 6.1
EPSS 0.05
CVE-2020-25631
MEDIUM
Moodle 3.7.0-3.7.7, 3.8-3.8.4, 3.9-3.9.1 - Stored Cross-Site Scripting in Book Chapter Title
Dec 08, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-25630
HIGH
Moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Denial of Service via Unchecked Zip File Decompression
Dec 08, 2020
CVSS 7.5
EPSS 0.00
CVE-2020-25629
HIGH
Moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Privilege Escalation via 'Log in as' Capability
Dec 08, 2020
CVSS 8.8
EPSS 0.01
CVE-2020-25628
MEDIUM
moodle 3.5.0-3.5.13, 3.7.0-3.7.7, 3.8.0-3.8.4, 3.9.0-3.9.1 - Reflected Cross-Site Scripting in Tag Manager Filter
Dec 08, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-25703
MEDIUM
Moodle 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Information Disclosure in Participants Table Download
Nov 19, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-25702
MEDIUM
Moodle 3.9-3.9.2 - Stored Cross-Site Scripting via Content Bank Item Rename
Nov 19, 2020
CVSS 6.1
EPSS 0.00
CVE-2020-25701
MEDIUM
Moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Improper Access Control via Upload Course Tool
Nov 19, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-25700
MEDIUM
moodle 3.5.0-3.5.14, 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - SQL Injection via Database Module Web Services
Nov 19, 2020
CVSS 6.5
EPSS 0.00
Quick Filters