In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-06
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-03-06
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.006
Published
2023-03-06
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-03-06
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-06
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVSS Score
9.8
EPSS Score
0.23
Published
2023-03-06
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVSS Score
9.8
EPSS Score
0.175
Published
2023-03-06
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-06