Search CVE reports
281 – 290 of 646 results
In Moodle 3.x, there is XSS via a calendar event name.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation |
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation |
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation |
Moodle 3.x has Server Side Request Forgery in the filepicker.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation |
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This...
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Vulnerable |
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Vulnerable |
In Moodle 3.x, course creators are able to change system default settings for courses.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Vulnerable |
In Moodle 3.3, the course overview block reveals activities in hidden courses.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Vulnerable |
Moodle 3.x has user fullname disclosure on the user preferences page.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Vulnerable |