In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-03-06
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.009
Published
2023-03-06
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.009
Published
2023-03-06
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
CVSS Score
5.3
EPSS Score
0.004
Published
2023-03-06
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVSS Score
9.8
EPSS Score
0.268
Published
2023-03-06
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVSS Score
9.8
EPSS Score
0.116
Published
2023-03-06
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-03-06
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
CVSS Score
7.5
EPSS Score
0.031
Published
2023-03-06