Filter
AND
AND

redhat/moodleMoodle: xss risk when previewing data in course upload tool

First published (updated )

redhat/moodleMoodle: stored xss and potential idor risk in wiki comments

First published (updated )

redhat/moodleMoodle: xss risk when using csv grade import method

First published (updated )

redhat/moodleMoodle: minor sql injection risk in external wiki method for listing pages

7.3
First published (updated )

MoodleIn Moodle, insufficient limitations in some quiz web services made it possible for students to bypas…

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MoodleMoodle: course participation report shows roles the user should not see

First published (updated )

MoodleMoodle: teacher can access names of users they do not have permission to access

First published (updated )

MoodleMoodle: pix helper potential mustache code injection risk

First published (updated )

MoodleMoodle: algebra filter xss when filter is misconfigured

First published (updated )

MoodleMoodle: xss risk when outputting database activity filter data

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MoodleMoodle: authenticated arbitrary file read through malformed backup file

First published (updated )

MoodleMoodle: authenticated sql injection via availability check

8.8
First published (updated )

redhat/moodleMoodle: possible to set the preferred "start page" of other users

8.2
First published (updated )

redhat/moodleMoodle: reflected xss risk in some returnurl parameters

First published (updated )

redhat/moodleCSRF

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

composer/moodle/moodleXSS

First published (updated )

composer/moodle/moodleSQL Injection

First published (updated )

composer/moodle/moodleSQL Injection

First published (updated )

composer/moodle/moodleXSS

7.1
First published (updated )

MoodleXSS

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

MoodleIn Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves…

8.8
First published (updated )

MoodleIn Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it ca…

7.5
First published (updated )

MoodleXSS, SSRF

First published (updated )

composer/moodle/moodleInput Validation, Code Injection

First published (updated )

composer/moodle/moodleInput Validation, Path Traversal

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

composer/moodle/moodleThe mobile auto-login URL required additional sanitizing to prevent an open redirect risk. Versions…

First published (updated )

MoodleXSS

First published (updated )

redhat/moodleSQL Injection

8.8
First published (updated )

redhat/moodleUsers with the capability to configure badge criteria (teachers and managers by default) were able t…

First published (updated )

composer/moodle/moodleSQL Injection

7.2
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203