moodle/moodle Security Advisories for v4.1.7 (92)
-
[HIGH] Moodle has a Remote Code Execution risk via file restore
PKSA-fh6z-73jv-qwnd CVE-2026-26045 GHSA-ggxq-2mg9-8966
Affected version: <4.5.9|>=5.0.0-beta,<5.0.5|>=5.1.0-beta,<5.1.2
Reported by:
GitHub -
[MEDIUM] Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
PKSA-d5fc-2jw8-sm45 CVE-2026-26047 GHSA-cg8j-5cr2-568q
Affected version: <4.5.9|>=5.0.0-beta,<5.0.5|>=5.1.0-beta,<5.1.2
Reported by:
GitHub -
[LOW] Moodle Open Redirect vulnerability
PKSA-prf5-y5p2-ykmg CVE-2025-67852 GHSA-qv78-6gpp-hm68
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[HIGH] Moodle Affected by Improper Restriction of Excessive Authentication Attempts
PKSA-dz6d-pdgm-m472 CVE-2025-67853 GHSA-5cx4-w4fh-fr57
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[MEDIUM] Moodle vulnerable to Cross-site Scripting
PKSA-2j87-1r5d-n19k CVE-2025-67855 GHSA-vwhw-vp9v-q9c9
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[MEDIUM] Moodle has an authorization logic flaw
PKSA-xyd9-vffd-bswp CVE-2025-67856 GHSA-hcm6-q6pc-xfhm
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[MEDIUM] Moodle Inserts Sensitive Information Into Sent Data
PKSA-2wxn-vc4s-1dkz CVE-2025-67857 GHSA-8jrv-wx83-w3xj
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[HIGH] Moodle authentication bypass vulnerability
PKSA-d2w7-632f-6wy9 CVE-2025-67848 GHSA-j5jv-w5cw-j9ff
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[HIGH] Moodle Cross-site Scripting (XSS) vulnerability
PKSA-qhxz-6rtn-nzx7 CVE-2025-67849 GHSA-mhf6-pp52-8wqj
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[HIGH] Moodle vulnerable to Cross-site Scripting
PKSA-3g2p-wb92-w82j CVE-2025-67850 GHSA-6mmv-f6c6-v6q8
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[MEDIUM] Moodle formula injection vulnerability
PKSA-213q-p3b4-49zj CVE-2025-67851 GHSA-qfh6-h7j6-fvjv
Affected version: >=5.1.0-beta,<5.1.1|>=5.0.0-beta,<5.0.4|>=4.5.0-beta,<4.5.8|>=4.4.0-beta,<4.4.12|<4.1.22
Reported by:
GitHub -
[HIGH] Moodle affected by a code injection vulnerability
PKSA-41tm-5zq3-pfdc CVE-2025-67847 GHSA-xvmh-25jw-gmmm
Affected version: <4.1.22|>=4.2.0-beta,<4.4.12|>=4.5.0-beta,<4.5.8|>=5.0.0-beta,<5.0.4|>=5.1.0-beta,<5.1.1
Reported by:
GitHub -
[HIGH] Moodle vulnerable to brute-force password guesses
PKSA-c2fh-btt6-h7g6 CVE-2025-62399 GHSA-m58f-9pvv-8mp2
Affected version: <4.1.21|>=4.2.0-beta,<4.4.11|>=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by:
GitHub -
[MEDIUM] Moodle exposed the names of hidden groups to users
PKSA-7bbm-2bcq-7hnc CVE-2025-62400 GHSA-422v-w6c5-vq42
Affected version: <4.1.21|>=4.2.0-beta,<4.4.11|>=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by:
GitHub -
[MEDIUM] Moodle has a time restriction bypass
PKSA-2154-mt94-234t CVE-2025-62401 GHSA-w29j-8phw-ffjf
Affected version: <4.1.21|>=4.2.0-beta,<4.4.11|>=4.5.0-beta,<4.5.7|>=5.0.0-beta,<5.0.3
Reported by:
GitHub -
[MEDIUM] Moodle allows IDOR when accessing the cohorts report
PKSA-bctf-nmjy-ynnz CVE-2025-3647 GHSA-34g7-pg9j-pxgp
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[LOW] Moodle has a CSRF risk in user tours manager that allows tour duplication
PKSA-jwzm-wkm8-x9qp CVE-2025-3635 GHSA-88xj-97gf-7wpq
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[MEDIUM] Moodle allows IDOR in RSS block, which allows access to additional RSS feeds
PKSA-848d-b4jc-r4z3 CVE-2025-3636 GHSA-chmf-m33p-ph8m
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[LOW] Moodle's mod_data edit/delete pages pass CSRF token in GET parameter
PKSA-fvfh-pt1s-3tmx CVE-2025-3637 GHSA-9vc3-vm42-fjhm
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[LOW] Moodle has a CSRF risk in Brickfield tool's analysis request action
PKSA-ysbw-mxpt-3wtx CVE-2025-3638 GHSA-m8qh-hx4c-h9hr
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[MEDIUM] Moodle has an IDOR in web service which allows users enrolled in a course to access some details of other users
PKSA-mj2r-6dr9-xghp CVE-2025-3640 GHSA-6g5x-h5x7-q4mq
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[HIGH] Moodle has an authenticated remote code execution risk in the Moodle LMS Dropbox repository
PKSA-9jfc-tg5h-yj5b CVE-2025-3641 GHSA-c8v6-vxhf-wcrr
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[HIGH] Moodle has an authenticated remote code execution risk in the Moodle LMS EQUELLA repository
PKSA-8gd9-7npk-ym55 CVE-2025-3642 GHSA-m367-445c-2xqr
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[MEDIUM] Moodle has reflected Cross-site Scripting risk in policy tool
PKSA-8sfx-6cpy-w558 CVE-2025-3643 GHSA-hxgg-4qww-85ph
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[MEDIUM] Moodle's AJAX section delete does not respect course_can_delete_section()
PKSA-g3j3-qxjm-3zq6 CVE-2025-3644 GHSA-cpm7-mv33-jwf8
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[MEDIUM] Moodle has an IDOR in messaging web service which allows access to some user details
PKSA-pr46-vm59-kn4p CVE-2025-3645 GHSA-pj96-xh2w-fgqx
Affected version: >=4.5.0-beta,<4.5.4|>=4.4.0-beta,<4.4.8|>=4.3.0-beta,<4.3.12|<4.1.18
Reported by:
GitHub -
[MEDIUM] Moodle shows hidden grades to users without permission on some grade reports
PKSA-d7vn-pt6b-zj2h CVE-2025-32045 GHSA-8m7c-hm88-2p97
Affected version: >=4.5.0-beta,<4.5.3|>=4.4.0-beta,<4.4.7|>=4.3.0-beta,<4.3.11|<4.1.17
Reported by:
GitHub -
[HIGH] Moodle has an arbitrary file read risk through pdfTeX
PKSA-tbqf-gy2t-9549 CVE-2025-26525 GHSA-4hmr-39vp-xfrr
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[MEDIUM] Moodle's feedback response viewing and deletions did not respect Separate Groups mode
PKSA-1xfj-78ck-68m3 CVE-2025-26526 GHSA-pxg4-xjp7-w9c5
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[MEDIUM] Moodle's non-searchable tags can still be discovered on the tag search page and in the tags block
PKSA-zx9m-rnqj-bycy CVE-2025-26527 GHSA-5r85-6h7f-rg3r
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[LOW] Moodle has a stored XSS in ddimageortext question type
PKSA-19h3-t8f4-j9qr CVE-2025-26528 GHSA-h697-w4ph-7pcx
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[HIGH] Moodle has a stored XSS risk in admin live log
PKSA-bqpz-gp92-yhbn CVE-2025-26529 GHSA-wr88-x8cm-7cgq
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[LOW] Moodle has an IDOR in badges allows disabling of arbitrary badges
PKSA-6qw2-86sq-nszm CVE-2025-26531 GHSA-g88w-v4cq-qgcp
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[LOW] Moodle allows teachers to evade trusttext config when restoring glossary entries
PKSA-2t2j-mwq1-3v3v CVE-2025-26532 GHSA-cw24-f6fq-7j9v
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[HIGH] Moodle has a SQL injection risk in course search module list filter
PKSA-6vk5-pjgr-yssn CVE-2025-26533 GHSA-rg56-94j7-hjx9
Affected version: <4.1.16|>=4.3.0-beta,<4.3.10|>=4.4.0-beta,<4.4.6|>=4.5.0-beta,<4.5.2
Reported by:
GitHub -
[MEDIUM] Moodle allows users to retrieve information they did not have permission to access
PKSA-wjgr-krfv-d7mf CVE-2024-45689 GHSA-j822-x5gg-5r56
Affected version: >=4.4.0-beta,<4.4.3|>=4.3.0-beta,<4.3.7|>=4.2.0-beta,<4.2.10|<4.1.13
Reported by:
GitHub -
[MEDIUM] Moodle IDOR when deleting OAuth2 linked accounts
PKSA-qgvt-ww2j-46z8 CVE-2024-45690 GHSA-fhg2-r2h9-h7q8
Affected version: >=4.4.0-beta,<4.4.3|>=4.3.0-beta,<4.3.7|>=4.2.0-beta,<4.2.10|<4.1.13
Reported by:
GitHub -
[MEDIUM] Moodle Lesson activity password bypass through PHP loose comparison
PKSA-y22b-yrq9-2frq CVE-2024-45691 GHSA-xfv7-h2qg-rjm7
Affected version: >=4.4.0-beta,<4.4.3|>=4.3.0-beta,<4.3.7|>=4.2.0-beta,<4.2.10|<4.1.13
Reported by:
GitHub -
[MEDIUM] Moodle leaks user names
PKSA-rd93-2zrq-9hms CVE-2024-48896 GHSA-cq5f-wv7p-5gfc
Affected version: >=4.4.0,<4.4.4|>=4.3.0,<4.3.8|>=4.2.0,<4.2.11|<4.1.14
Reported by:
GitHub -
[MEDIUM] moodle: IDOR in edit/delete RSS feed
PKSA-hhpt-69ky-ds9w CVE-2024-48897 GHSA-x3x9-349x-2485
Affected version: >=4.4.0,<4.4.4|>=4.3.0,<4.3.8|>=4.2.0,<4.2.11|<4.1.14
Reported by:
GitHub -
[MEDIUM] moodle: Some users can delete audiences of other reports
PKSA-sbzz-bvbt-7fqv CVE-2024-48898 GHSA-fjq9-452g-jg3q
Affected version: >=4.4.0,<4.4.4|>=4.3.0,<4.3.8|>=4.2.0,<4.2.11|<4.1.14
Reported by:
GitHub -
[MEDIUM] moodle: IDOR when fetching report schedules
PKSA-b9zz-v9f7-k18v CVE-2024-48901 GHSA-mg54-p2wj-5ph7
Affected version: >=4.4.0,<4.4.4|>=4.3.0,<4.3.8|>=4.2.0,<4.2.11|<4.1.14
Reported by:
GitHub -
[MEDIUM] Moodle reflected XSS via H5P error message
PKSA-gdvk-459t-n53y CVE-2024-43439 GHSA-hjgc-jxjc-8v9j
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[LOW] Moodle Cross-site Scripting vulnerability
PKSA-g8yy-dfw9-yn61 CVE-2024-43437 GHSA-4hjf-6pxr-549h
Affected version: <4.1.12|>=4.2.0,<4.2.9|>=4.3.0,<4.3.6|>=4.4.0,<4.4.2
Reported by:
GitHub -
[LOW] Moodle admin presets export tool includes some secrets that should not be exported
PKSA-vng5-wdz1-h5s8 CVE-2024-43427 GHSA-vpq5-56jj-vf2m
Affected version: <4.1.12|>=4.2.0,<4.2.9|>=4.3.0,<4.3.6|>=4.4.0,<4.4.2
Reported by:
GitHub -
[LOW] Moodle has user information visibility control issues in gradebook reports
PKSA-zdyc-3cpq-dzhz CVE-2024-43429 GHSA-c767-4whh-v7rw
Affected version: <4.1.12|>=4.2.0,<4.2.9|>=4.3.0,<4.3.6|>=4.4.0,<4.4.2
Reported by:
GitHub -
[LOW] Moodle authorization headers preserved between "emulated redirects"
PKSA-76sy-6846-dkkc CVE-2024-43432 GHSA-7wmp-2xmx-g6h8
Affected version: <4.1.12|>=4.2.0,<4.2.9|>=4.3.0,<4.3.6|>=4.4.0,<4.4.2
Reported by:
GitHub -
[LOW] Moodle has insufficient capability checks
PKSA-52b5-bb1k-6tvt CVE-2024-43435 GHSA-4gq2-x5w4-7hp8
Affected version: <4.1.12|>=4.2.0,<4.2.9|>=4.3.0,<4.3.6|>=4.4.0,<4.4.2
Reported by:
GitHub -
[HIGH] Moodle Remote Code Execution vulnerability
PKSA-b5gd-xb9k-3r4v CVE-2024-43425 GHSA-v6f4-v8h8-3c87
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[MEDIUM] Moodle has arbitrary file read risk through pdfTeX
PKSA-c8xb-byc5-1chb CVE-2024-43426 GHSA-vjmm-r9gg-425m
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[MEDIUM] Moodle vulnerable to cache poisoning via injection into storage
PKSA-wg88-91px-2xxt CVE-2024-43428 GHSA-2r9m-wg35-rfvc
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[MEDIUM] Moodle's IDOR in badges allows deletion of arbitrary badges
PKSA-rxzs-qrdh-wvnm CVE-2024-43431 GHSA-wwjf-gwrv-wh45
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[HIGH] Moodle has CSRF risk in Feedback non-respondents report
PKSA-sw85-d8w2-2fxq CVE-2024-43434 GHSA-x87r-37q5-mmr8
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[MEDIUM] Moodle vulnerable to site administration SQL injection via XMLDB editor
PKSA-sbn5-p35x-1nwr CVE-2024-43436 GHSA-mx26-62xm-2p83
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[MEDIUM] Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
PKSA-yzps-6hch-gh72 CVE-2024-43438 GHSA-p9cx-f595-h79h
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[MEDIUM] Moodle LFI vulnerability when restoring malformed block backups
PKSA-9732-nw42-9zsm CVE-2024-43440 GHSA-qrqv-26gf-xgwh
Affected version: >=4.4.0-beta,<4.4.2|>=4.3.0-beta,<4.3.6|>=4.2.0-beta,<4.2.9|<4.1.12
Reported by:
GitHub -
[MEDIUM] Moodle BigBlueButton web service leaks meeting joining information
PKSA-pnzk-r5zq-ynpf CVE-2024-38273 GHSA-x29x-qwvx-fxr2
Affected version: <4.1.11|>=4.2.0-beta,<4.2.8|>=4.3.0-beta,<4.3.5|>=4.4.0-beta,<4.4.1
Reported by:
GitHub -
[MEDIUM] Moodle stored XSS via calendar's event title when deleting the event
PKSA-gstb-chkw-qtcd CVE-2024-38274 GHSA-p5cg-6rfr-6mx8
Affected version: <4.1.11|>=4.2.0-beta,<4.2.8|>=4.3.0-beta,<4.3.5|>=4.4.0-beta,<4.4.1
Reported by:
GitHub -
[MEDIUM] Moodle HTTP authorization header is preserved between "emulated redirects"
PKSA-g3r1-2nj3-qn37 CVE-2024-38275 GHSA-p2cj-86v4-7782
Affected version: <4.1.11|>=4.2.0-beta,<4.2.8|>=4.3.0-beta,<4.3.5|>=4.4.0-beta,<4.4.1
Reported by:
GitHub -
[MEDIUM] Moodle CSRF risks due to misuse of confirm_sesskey
PKSA-pwh8-w7s1-zt49 CVE-2024-38276 GHSA-356g-7x36-7m34
Affected version: <4.1.11|>=4.2.0-beta,<4.2.8|>=4.3.0-beta,<4.3.5|>=4.4.0-beta,<4.4.1
Reported by:
GitHub -
[MEDIUM] Moodle uses the same key for QR login and auto-login
PKSA-my4y-h475-7mp5 CVE-2024-38277 GHSA-r82w-3phg-qvr4
Affected version: <4.1.11|>=4.2.0-beta,<4.2.8|>=4.3.0-beta,<4.3.5|>=4.4.0-beta,<4.4.1
Reported by:
GitHub -
[HIGH] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-kkys-npvt-jjkp CVE-2024-34002 GHSA-mm9p-xwfm-3fqf
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-yhpg-hcpg-vd71 CVE-2024-34003 GHSA-jg4f-8w9x-jv35
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-ypnv-pv4y-khkt CVE-2024-34004 GHSA-q3cm-ccrm-2mr6
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[HIGH] Moodle Authenticated LFI risk in some misconfigured shared hosting environments
PKSA-7g9b-96vb-f88b CVE-2024-34005 GHSA-r99q-hmqv-xw8w
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Unsanitized HTML in site log for config_log_created
PKSA-81r7-dyqg-4q32 CVE-2024-34006 GHSA-vvh5-7v3m-j3mj
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[HIGH] Moodle CSRF risk in analytics management of models
PKSA-1bk8-gsry-b156 CVE-2024-34008 GHSA-68x5-4jg5-gjgg
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[HIGH] Moodle CSRF risk in admin preset tool management of presets
PKSA-smf8-81d7-1g8y CVE-2024-34001 GHSA-gq9f-8rj4-w7jc
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-44sz-9c8d-byh6 CVE-2024-34000 GHSA-8qwh-4vwv-7c5m
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle broken access control when setting calendar event type
PKSA-xxjw-syx2-dc4w CVE-2024-33996 GHSA-4qww-rxq6-x7gf
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle stored Cross-site Scripting (XSS)
PKSA-psg4-6cnq-2vpv CVE-2024-33997 GHSA-9qgq-93c7-9hm4
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting (XSS)
PKSA-1vcw-7pbp-4hc4 CVE-2024-33998 GHSA-xqhh-253w-4q5f
Affected version: <4.1.10|>=4.2.0,<4.2.7|>=4.3.0,<4.3.4
Reported by:
GitHub -
[MEDIUM] Cross-site Scripting in Moodle Chat
PKSA-dkf4-gr8b-q7z7 CVE-2024-28593 GHSA-f6mh-79vh-2hv7
Affected version: <=4.3.3
Reported by:
GitHub -
[HIGH] Uncontrolled Resource Consumption in moodle
PKSA-cnq3-npb7-81gr CVE-2024-25978 GHSA-487g-3m3v-hjhq
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Improper Handling of Parameters in moodle
PKSA-8zq5-86tq-npgn CVE-2024-25979 GHSA-6vjf-48fh-vxxj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Improper Access Control in moodle
PKSA-q882-vvk2-55y5 CVE-2024-25980 GHSA-cp8m-h777-g4p3
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Improper Access Control in moodle
PKSA-1rtr-36p9-m5t2 CVE-2024-25981 GHSA-jfrg-9hpq-9hvp
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[HIGH] Cross-Site Request Forgery in moodle
PKSA-ywdp-r6kr-8xch CVE-2024-25982 GHSA-7pjp-fm93-p6pj
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Authorization Bypass in moodle
PKSA-yn3d-by8g-nzfj CVE-2024-25983 GHSA-9r26-5w88-qhp9
Affected version: <4.1.9|>=4.2.0,<4.2.6|>=4.3.0,<4.3.3
Reported by:
GitHub -
[MEDIUM] Moodle Improper Access Control vulnerability
PKSA-57rb-5xt6-dhwq CVE-2024-1439 GHSA-5p2x-8427-9fgp
Affected version: <=4.2.0
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-nw4f-rh34-rrdv CVE-2023-5544 GHSA-j5xf-gv89-g422
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
PKSA-qmp2-c2q6-ys9x CVE-2023-5545 GHSA-26fg-v32r-h663
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-hc6s-n6ty-9y9s CVE-2023-5547 GHSA-9gqp-3g28-w9xc
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
PKSA-7z8c-xy4p-1ctc CVE-2023-5548 GHSA-cwh2-q44x-5w3c
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Improper Access Control vulnerability
PKSA-hfk2-p537-bfvp CVE-2023-5549 GHSA-fm5h-58g2-4m3f
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Code Injection vulnerability
PKSA-fmy8-x52s-r4tc CVE-2023-5539 GHSA-3xxm-3g3c-w579
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[HIGH] Moodle Code Injection vulnerability
PKSA-9gb6-31c6-p6xb CVE-2023-5540 GHSA-w8x2-w4qr-v3x4
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-71dn-fkh5-k7hn CVE-2023-5541 GHSA-28gc-4qq5-8q26
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Improper Access Control vulnerability
PKSA-d458-bwfk-smkv CVE-2023-5542 GHSA-8mm2-m2gp-c6x2
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle Cross-site Scripting vulnerability
PKSA-mc6m-hdgk-qpkp CVE-2023-5546 GHSA-9724-h8p7-r3jv
Affected version: <4.3.0-rc2
Reported by:
GitHub -
[MEDIUM] Moodle External Control of File Name or Path vulnerability
PKSA-tkmd-sfy5-9ntm CVE-2023-30943 GHSA-22gj-8qj2-fj46
Affected version: <4.2.0-rc2
Reported by:
GitHub -
[HIGH] Moodle SQL Injection vulnerability
PKSA-vvyj-pzxn-byrt CVE-2023-30944 GHSA-7mmc-22g7-3xq2
Affected version: <4.2.0-rc2
Reported by:
GitHub