Shodan
Vulnerabilities
Vulnerable Software
Moodle:  >> Moodle  >> 3.9.12  Security Vulnerabilities
CVE-2022-30598
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it.
CVSS Score
4.3
EPSS Score
0.005
Published
2022-05-18
CVE-2022-30599
A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-05-18
CVE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.
CVSS Score
9.8
EPSS Score
0.019
Published
2022-05-18
CVE-2022-30596
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.009
Published
2022-05-18
CVE-2022-0984
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-04-29
CVE-2022-0985
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-04-29
CVE-2022-0983
An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-03-25
CVE-2021-20183
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-01-28
CVE-2010-4207
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
CVSS Score
4.3
EPSS Score
0.02
Published
2010-11-07
CVE-2010-4208
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
CVSS Score
4.3
EPSS Score
0.018
Published
2010-11-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved