Filtered by vendor Moodle
Subscriptions
Total
607 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2247 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors. | ||||
| CVE-2004-1978 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | ||||
| CVE-2005-3648 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. | ||||
| CVE-2005-3649 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter. | ||||
| CVE-2006-4784 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | ||||
| CVE-2006-4936 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors. | ||||
| CVE-2006-4786 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups. | ||||
| CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | 8.8 High |
| Incorrect CSRF token checks resulted in multiple CSRF risks. | ||||
| CVE-2024-34312 | 2 Moodle, Vpl | 2 Virtual Programming Lab, Jail System | 2025-03-25 | 6.1 Medium |
| Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | ||||
| CVE-2024-34008 | 1 Moodle | 1 Moodle | 2025-03-25 | 3.5 Low |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2021-36399 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
| In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36398 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
| In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | ||||
| CVE-2021-36395 | 1 Moodle | 1 Moodle | 2025-03-07 | 7.5 High |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | ||||
| CVE-2021-36403 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | ||||
| CVE-2021-36402 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | ||||
| CVE-2021-36401 | 1 Moodle | 1 Moodle | 2025-03-07 | 4.8 Medium |
| In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | ||||
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | ||||
| CVE-2021-36394 | 1 Moodle | 1 Moodle | 2025-03-06 | 9.8 Critical |
| In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | ||||
| CVE-2021-36392 | 1 Moodle | 1 Moodle | 2025-03-06 | 9.8 Critical |
| In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | ||||