Filtered by vendor Moodle
Subscriptions
Total
634 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4304 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | ||||
| CVE-2008-3326 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | ||||
| CVE-2007-1429 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php. | ||||
| CVE-2008-6124 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | N/A |
| SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. | ||||
| CVE-2007-3555 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424. | ||||
| CVE-2008-5432 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title). | ||||
| CVE-2009-4305 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | ||||
| CVE-2008-3325 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | ||||
| CVE-2009-4303 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | ||||
| CVE-2009-4302 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | ||||
| CVE-2009-4301 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | ||||
| CVE-2006-6626 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941. | ||||
| CVE-2008-0123 | 1 Moodle | 1 Moodle | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. | ||||
| CVE-2022-39183 | 1 Moodle | 1 Saml Authentication | 2025-04-08 | 6.5 Medium |
| Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | ||||
| CVE-2024-38276 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-03-26 | 8.8 High |
| Incorrect CSRF token checks resulted in multiple CSRF risks. | ||||
| CVE-2024-34312 | 2 Moodle, Vpl | 2 Virtual Programming Lab, Jail System | 2025-03-25 | 6.1 Medium |
| Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | ||||
| CVE-2024-34008 | 1 Moodle | 1 Moodle | 2025-03-25 | 3.5 Low |
| Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2021-36399 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
| In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36398 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
| In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.3 Medium |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | ||||