| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." |
| Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. |
| Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text. |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. |
| SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. |
| Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. |
| Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter. |
| Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. |
| Incorrect CSRF token checks resulted in multiple CSRF risks. |
| Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. |
| In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. |
| In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. |
| In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. |
| In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. |
| In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. |