Search CVE reports
111 – 120 of 582 results
CVE-2022-35651
Medium priorityA stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and...
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-35650
Medium priorityThe vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform...
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-35649
Medium priorityThe vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than...
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-30600
Medium priorityA flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2022-30599
Medium priorityA flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2022-30598
Low priorityA flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2022-30597
Low priorityA flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2022-30596
Medium priorityA flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2022-0984
Medium priorityUsers with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2022-0985
Medium priorityInsufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | Needs evaluation | Needs evaluation |