Search CVE reports


61 – 70 of 607 results


CVE-2023-5546

Medium priority
Needs evaluation

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-5545

Medium priority
Needs evaluation

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-5544

Medium priority
Needs evaluation

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-5542

Medium priority
Needs evaluation

Students in "Only see own membership" groups could see other students in the group, which should be hidden.

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-5541

Medium priority
Needs evaluation

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-5540

Medium priority
Needs evaluation

A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-5539

Medium priority
Needs evaluation

A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-46858

Medium priority
Not affected

** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their...

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Not affected | Not affected |

CVE-2023-40325

Medium priority
Needs evaluation

[Unknown description]

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |

CVE-2023-40324

Medium priority
Needs evaluation

[Unknown description]

1 affected package

moodle

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |