Analyzed
about 1 year
ago.
based on code collected
about 1 year
ago.
Major Versions
click and drag to zoom
Security Vulnerabilities for Version:
Severities:
Type
|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2023-35133 | BDSA-2023-1591 | Low | Jun 22, 2023 | An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 t more... |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
| CVE-2023-35132 | Low | Jun 22, 2023 | A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.1 more... |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
|
| CVE-2023-35131 | BDSA-2023-1588 | Low | Jun 22, 2023 | Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and more... |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
| CVE-2023-30944 | BDSA-2023-1070 | Low | May 02, 2023 | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A rem more... |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
| CVE-2023-30943 | Low | May 02, 2023 | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remo more... |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
|
| CVE-2023-28336 | BDSA-2023-0648 | Low | Mar 23, 2023 | Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
| CVE-2023-28334 | Low | Mar 23, 2023 | Authenticated users were able to enumerate other users' names via the learning plans page. |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
|
| CVE-2023-28333 | Low | Mar 23, 2023 | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploita more... |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
|
| CVE-2023-28332 | BDSA-2023-0652 | Low | Mar 23, 2023 | If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
| CVE-2023-28331 | BDSA-2023-0650 | Low | Mar 23, 2023 | Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
