Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.11.0  Security Vulnerabilities
CVE-2021-36399
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-03-06
CVE-2021-36400
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-06
CVE-2021-36401
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-03-06
CVE-2021-36392
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVSS Score
9.8
EPSS Score
0.004
Published
2023-03-06
CVE-2021-36393
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVSS Score
9.8
EPSS Score
0.249
Published
2023-03-06
CVE-2021-36394
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVSS Score
9.8
EPSS Score
0.192
Published
2023-03-06
CVE-2021-36395
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-03-06
CVE-2021-36396
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-03-06
CVE-2023-23921
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-02-17
CVE-2023-23923
The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
CVSS Score
8.2
EPSS Score
0.003
Published
2023-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved