Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.10.9  Security Vulnerabilities
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
CVSS Score
6.2
EPSS Score
0.003
Published
2024-05-31
CVE-2024-33997
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation.
CVSS Score
6.1
EPSS Score
0.009
Published
2024-05-31
CVE-2024-33998
Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features.
CVSS Score
5.4
EPSS Score
0.01
Published
2024-05-31
CVE-2024-29374
A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-21
CVE-2024-1439
Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-02-12
CVE-2022-30597
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVSS Score
5.3
EPSS Score
0.006
Published
2022-05-18
CVE-2022-30598
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVSS Score
4.3
EPSS Score
0.005
Published
2022-05-18
CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-05-18
CVE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-05-18
CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.009
Published
2022-05-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved