| CVE-2023-28330 |
unknown |
— |
— |
3y ago |
Moodle arbitrary file read vulnerability |
|
| CVE-2023-28333 |
unknown |
— |
— |
3y ago |
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input |
|
| CVE-2023-28335 |
unknown |
— |
— |
3y ago |
Moodle vulnerable to Cross-site Request Forgery |
|
| CVE-2023-28336 |
unknown |
— |
— |
3y ago |
Moodle may allow teachers to access the names of users they could not otherwise access |
|
| CVE-2021-36399 |
unknown |
— |
— |
3y ago |
Moodle Cross-site Scripting vulnerability |
|
| CVE-2021-36398 |
unknown |
— |
— |
3y ago |
Moodle Cross-site Scripting vulnerability |
|
| CVE-2021-36397 |
unknown |
— |
— |
3y ago |
Moodle has Incorrect Default Permissions |
|
| CVE-2021-36400 |
unknown |
— |
— |
3y ago |
Moodle has Incorrect Default Permissions |
|
| CVE-2021-36401 |
unknown |
— |
— |
3y ago |
Moodle vulnerable to Stored Cross-site Scripting |
|
| CVE-2021-36402 |
unknown |
— |
— |
3y ago |
Moodle Improper Input Validation vulnerability |
|
| CVE-2021-36403 |
unknown |
— |
— |
3y ago |
Moodle has a Hidden Functionality vulnerability |
|
| CVE-2021-36394 |
unknown |
— |
— |
3y ago |
Moodle Session Fixation vulnerability |
|
| CVE-2021-36395 |
unknown |
— |
— |
3y ago |
Moodle vulnerable to Uncontrolled Resource Consumption |
|
| CVE-2021-36392 |
unknown |
— |
— |
3y ago |
Moodle SQL Injection vulnerability |
|
| CVE-2021-36393 |
unknown |
— |
— |
3y ago |
Moodle SQL Injection vulnerability |
|
| CVE-2021-36396 |
unknown |
— |
— |
3y ago |
Moodle vulnerable to Server-Side Request Forgery |
|
| CVE-2023-23921 |
unknown |
— |
— |
3y ago |
Moodle Cross-site Scripting vulnerability |
|
| CVE-2023-23923 |
unknown |
— |
— |
3y ago |
Moodle Improper Access Control vulnerability |
|
| CVE-2023-23922 |
unknown |
— |
— |
3y ago |
Moodle Cross-site Scripting vulnerability |
|
| CVE-2022-45152 |
unknown |
— |
— |
4y ago |
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library |
|
| CVE-2022-45151 |
unknown |
— |
— |
4y ago |
Moodle stored-XSS vulnerability in some "social" user profile fields |
|
| CVE-2022-45150 |
unknown |
— |
— |
4y ago |
Moodle reflected cross-site scripting vulnerability in policy tool |
|
| CVE-2022-45149 |
unknown |
— |
— |
4y ago |
Cross-Site Request Forgery in Moodle |
|
| CVE-2022-2986 |
unknown |
— |
— |
4y ago |
Moodle Cross-Site Request Forgery (CSRF) |
|
| CVE-2022-40315 |
unknown |
— |
— |
4y ago |
Moodle Minor SQL injection risk in admin user browsing |
|
| CVE-2022-40314 |
unknown |
— |
— |
4y ago |
Moodle remote code execution |
|
| CVE-2022-40313 |
unknown |
— |
— |
4y ago |
Moodle Stored Cross-site Scripting and page denial of service |
|
| CVE-2022-40316 |
unknown |
— |
— |
4y ago |
Moodle No groups filtering in H5P activity attempts report |
|
| CVE-2021-40692 |
unknown |
— |
— |
4y ago |
Moodle Incorrect Authorization |
|
| CVE-2021-40691 |
unknown |
— |
— |
4y ago |
Moodle Improper Authentication |
|
| CVE-2021-40693 |
unknown |
— |
— |
4y ago |
Moodle type juggling vulnerability |
|
| CVE-2021-40694 |
unknown |
— |
— |
4y ago |
Moodle Improper Encoding or Escaping of Output |
|
| CVE-2021-40695 |
unknown |
— |
— |
4y ago |
Moodle Exposure of Sensitive Information to an Unauthorized Actor |
|
| CVE-2021-36568 |
unknown |
— |
— |
4y ago |
Moodle Cross-site Scripting vulnerability |
|
| CVE-2020-14320 |
unknown |
— |
— |
4y ago |
Moodle reflected XSS Vulnerability |
|
| CVE-2020-14321 |
unknown |
— |
— |
4y ago |
Moodle Incorrect Authorization vulnerability |
|
| CVE-2020-1691 |
unknown |
— |
— |
4y ago |
Moodle XSS Vulnerability |
|
| CVE-2022-35653 |
unknown |
— |
— |
4y ago |
Moodle LTI module reflected XSS risk |
|
| CVE-2022-35650 |
unknown |
— |
— |
4y ago |
Moodle Arbitrary file read when importing lesson questions |
|
| CVE-2022-35652 |
unknown |
— |
— |
4y ago |
Moodle Open redirect risk in mobile auto-login feature |
|
| CVE-2022-35649 |
unknown |
— |
— |
4y ago |
Moodle PostScript Code Injection |
|
| CVE-2022-35651 |
unknown |
— |
— |
4y ago |
Moodle Stored XSS and blind SSRF possible via SCORM track details |
|
| CVE-2019-18210 |
unknown |
— |
— |
4y ago |
Moodle Persistent Cross-site Scripting (XSS) |
|
| CVE-2021-43559 |
unknown |
— |
— |
4y ago |
Moodle contains CSRF vulnerability |
|
| CVE-2021-43560 |
unknown |
— |
— |
4y ago |
Moodle Insecure direct object reference (IDOR) in a calendar web service |
|
| CVE-2021-21809 |
unknown |
— |
— |
4y ago |
Moodle command execution vulnerability exists in the default legacy spellchecker plugin |
|
| CVE-2021-32244 |
unknown |
— |
— |
4y ago |
Moodle Cross Site Scripting (XSS) |
|
| CVE-2021-20283 |
unknown |
— |
— |
4y ago |
Missing permission check in Moodle |
|
| CVE-2021-20282 |
unknown |
— |
— |
4y ago |
Moodle Bypass email verification secret when confirming account registration |
|
| CVE-2021-20279 |
unknown |
— |
— |
4y ago |
Moodle contains Stored XSS via ID number user profile field |
|
| CVE-2021-20183 |
unknown |
— |
— |
4y ago |
Moodle Vulnerable to Reflected Cross-site Scripting |
|
| CVE-2021-20184 |
unknown |
— |
— |
4y ago |
Moodle Grade information disclosure in grade's external fetch functions |
|
| CVE-2021-20187 |
unknown |
— |
— |
4y ago |
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration |
|
| CVE-2021-20186 |
unknown |
— |
— |
4y ago |
Moodle Cross-site Scripting |
|
| CVE-2021-20185 |
unknown |
— |
— |
4y ago |
Moodle Client side denial of service via personal message |
|
| CVE-2020-25630 |
unknown |
— |
— |
4y ago |
Moodle Denial of Service |
|
| CVE-2020-25629 |
unknown |
— |
— |
4y ago |
Moodle incorrect access control |
|
| CVE-2020-25627 |
unknown |
— |
— |
4y ago |
Moodle stored Cross-site Scripting (XSS) |
|
| CVE-2020-25631 |
unknown |
— |
— |
4y ago |
Moodle Cross-site Scripting (XSS) |
|
| CVE-2020-10738 |
unknown |
— |
— |
4y ago |
Moodle vulnerable to RCE |
|
| CVE-2019-14880 |
unknown |
— |
— |
4y ago |
Moodle Oauth 2 Insufficiently Protects Against Compromise |
|
| CVE-2019-14884 |
unknown |
— |
— |
4y ago |
Moodle reflected Cross-site Scripting (XSS) |
|
| CVE-2019-14883 |
unknown |
— |
— |
4y ago |
Moodle Email media URL tokens were not checking for user status |
|
| CVE-2019-14882 |
unknown |
— |
— |
4y ago |
Moodle open redirect vulnerability |
|
| CVE-2019-14881 |
unknown |
— |
— |
4y ago |
Moodle XSS Vulnerability |
|
| CVE-2019-14879 |
unknown |
— |
— |
4y ago |
Moodle does not revoke role capabilities correctly |
|
| CVE-2019-10189 |
unknown |
— |
— |
4y ago |
moodle Improper Access Control |
|
| CVE-2019-10187 |
unknown |
— |
— |
4y ago |
Moodle Ability to delete glossary entries that belong to another glossary |
|
| CVE-2019-10188 |
unknown |
— |
— |
4y ago |
moodle Improper Access Control |
|
| CVE-2019-10186 |
unknown |
— |
— |
4y ago |
Moodle CSRF Vulnerability |
|
| CVE-2019-10154 |
unknown |
— |
— |
4y ago |
Moodle all messaging conversations could be viewed |
|
| CVE-2019-10133 |
unknown |
— |
— |
4y ago |
Moodle Open Redirect Vulnerability |
|
| CVE-2019-10134 |
unknown |
— |
— |
4y ago |
Moodle Private files uploaded via incoming mail processing could bypass quota restrictions |
|
| CVE-2022-30598 |
unknown |
— |
— |
4y ago |
Exposure of Sensitive Information in moodle |
|
| CVE-2022-30600 |
unknown |
— |
— |
4y ago |
Incorrect Calculation in moodle |
|
| CVE-2022-30599 |
unknown |
— |
— |
4y ago |
SQL injection in moodle |
|
| CVE-2022-30596 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in moodle |
|
| CVE-2022-30597 |
unknown |
— |
— |
4y ago |
External Control of Assumed-Immutable Web Parameter in moodle |
|
| CVE-2008-5153 |
unknown |
— |
— |
4y ago |
Moodle vulnerable to symlink attack |
|
| CVE-2018-1044 |
unknown |
— |
— |
4y ago |
Moodle Privilege escalation in quiz web services |
|
| CVE-2018-1045 |
unknown |
— |
— |
4y ago |
Moodle XSS Vulnerability |
|
| CVE-2018-1135 |
unknown |
— |
— |
4y ago |
Moodle Portfolio forum caller class allows a user to download any file |
|
| CVE-2018-1137 |
unknown |
— |
— |
4y ago |
Moodle Portfolio script allows instantiation of class chosen by user |
|
| CVE-2019-6970 |
unknown |
— |
— |
4y ago |
Moodle SSRF Vulnerability |
|
| CVE-2018-1042 |
unknown |
— |
— |
4y ago |
Moodle SSRF Vulnerability |
|
| CVE-2018-1136 |
unknown |
— |
— |
4y ago |
Moodle Cross-site Scripting |
|
| CVE-2018-1134 |
unknown |
— |
— |
4y ago |
Moodle Improper Privilege Management |
|
| CVE-2018-1043 |
unknown |
— |
— |
4y ago |
Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames |
|
| CVE-2018-10889 |
unknown |
— |
— |
4y ago |
Moodle sensitive information disclosure |
|
| CVE-2018-10890 |
unknown |
— |
— |
4y ago |
Moodle Exposure of Sensitive Information to an Unauthorized Actor |
|
| CVE-2018-14630 |
unknown |
— |
— |
4y ago |
Moodle XML import of ddwtos could lead to intentional remote code execution |
|
| CVE-2018-14631 |
unknown |
— |
— |
4y ago |
Moodle Cross-site Scripting |
|
| CVE-2018-16854 |
unknown |
— |
— |
4y ago |
Moodle Login CSRF vulnerability in login form |
|
| CVE-2018-1082 |
unknown |
— |
— |
4y ago |
Moodle Improper Authentication |
|
| CVE-2019-3809 |
unknown |
— |
— |
4y ago |
Moodle Blind SSRF Risk in /badges/mybackpack.php |
|
| CVE-2019-3850 |
unknown |
— |
— |
4y ago |
Moodle Stored HTML in assignment submission comments allowed links to be opened directly |
|
| CVE-2019-3852 |
unknown |
— |
— |
4y ago |
Moodle context freezing |
|
| CVE-2019-3851 |
unknown |
— |
— |
4y ago |
Moodle Secure layout contained an insecure link in Boost theme |
|
| CVE-2018-1133 |
unknown |
— |
— |
4y ago |
Moodle calculated question type allows remote code execution by Question authors |
|
| CVE-2018-1081 |
unknown |
— |
— |
4y ago |
Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script |
|