Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.11.2  Security Vulnerabilities
CVE-2022-45150
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.
CVSS Score
6.1
EPSS Score
0.002
Published
2022-11-23
CVE-2022-45151
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-11-23
CVE-2022-2986
Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-10-06
CVE-2022-40313
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
CVSS Score
7.1
EPSS Score
0.003
Published
2022-09-30
CVE-2022-40314
A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
CVSS Score
9.8
EPSS Score
0.102
Published
2022-09-30
CVE-2022-40315
A limited SQL injection risk was identified in the "browse list of users" site administration page.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-09-30
CVE-2022-40316
The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-30
CVE-2021-40691
A session hijack risk was identified in the Shibboleth authentication plugin.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-29
CVE-2021-40692
Insufficient capability checks made it possible for teachers to download users outside of their courses.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-09-29
CVE-2021-40693
An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-29


Products
Pricing
Contact Us

Shodan ® - All rights reserved