Shodan
Vulnerabilities
Vulnerable Software
Moodle:  Security Vulnerabilities
CVE-2021-40695
It was possible for a student to view their quiz grade before it had been released, using a quiz web service.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-09-29
CVE-2021-36568
In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-09-13
CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
CVSS Score
6.1
EPSS Score
0.008
Published
2022-08-16
CVE-2020-14321
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVSS Score
8.8
EPSS Score
0.388
Published
2022-08-16
CVE-2020-14322
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-08-16
CVE-2020-1755
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-08-16
CVE-2020-1756
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.
CVSS Score
7.2
EPSS Score
0.007
Published
2022-08-16
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
CVSS Score
5.4
EPSS Score
0.007
Published
2022-08-05
CVE-2020-1754
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-08-05
CVE-2022-35649
The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
CVSS Score
9.8
EPSS Score
0.073
Published
2022-07-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved