Source

ghsa

GHSA-786g-xv8v-9h93: Moodle Cross-site Scripting vulnerability

In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.

GHSA-2wmj-8mqg-r9q8: Moodle has Incorrect Default Permissions

In Moodle, insufficient capability checks meant message deletions were not limited to the current user.

GHSA-79jp-m64f-pgrc: Moodle Cross-site Scripting vulnerability

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

GHSA-35wf-3wq2-r3hx: Moodle has Incorrect Default Permissions

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

GHSA-g6h6-4fp6-w33w: Moodle vulnerable to Stored Cross-site Scripting

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.

GHSA-gv8f-43pg-c5qw: Moodle Improper Input Validation vulnerability

In affected versions of Moodle, users' names require additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. This issue has been patched in versions 3.9.8, 3.10.5 and 3.11.1.

GHSA-j9cw-5cpj-9qj5: Moodle has a Hidden Functionality vulnerability

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.

GHSA-f46j-r7q3-6cm2: Moodle SQL Injection vulnerability

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.

GHSA-4rmj-w58m-fvch: Moodle vulnerable to Server-Side Request Forgery

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

GHSA-273w-7fxj-pcp6: Moodle vulnerable to Uncontrolled Resource Consumption

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.