Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.11.14  Security Vulnerabilities
CVE-2023-5541
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
CVSS Score
3.3
EPSS Score
0.001
Published
2023-11-09
CVE-2023-5544
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-11-09
CVE-2023-5545
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
CVSS Score
3.3
EPSS Score
0.003
Published
2023-11-09
CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.
CVSS Score
4.7
EPSS Score
0.018
Published
2023-11-09
CVE-2023-35131
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
CVSS Score
6.1
EPSS Score
0.006
Published
2023-06-22
CVE-2023-35132
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVSS Score
6.3
EPSS Score
0.002
Published
2023-06-22
CVE-2023-35133
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-06-22
CVE-2010-4207
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
CVSS Score
4.3
EPSS Score
0.02
Published
2010-11-07
CVE-2010-4208
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
CVSS Score
4.3
EPSS Score
0.018
Published
2010-11-07
CVE-2007-6538
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.012
Published
2007-12-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved