Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.4.0-rc1

Type composer

Namespace moodle

Name moodle

Version 3.4.0-rc1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.5.17

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-2s6b-tp6p-gue1

vulnerability_id VCID-2s6b-tp6p-gue1

summary

Cross-Site Request Forgery (CSRF)
A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10186

reference_id

reference_type

scores

value	0.00371
scoring_system	epss
scoring_elements	0.59199
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10186

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/ea1ac3c7efbddbdb210ea4c75e7156c7d7ee914b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ea1ac3c7efbddbdb210ea4c75e7156c7d7ee914b

reference_url

https://moodle.org/mod/forum/discuss.php?d=388567#p1566329

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388567#p1566329

reference_url

https://web.archive.org/web/20210125055044/https://www.securityfocus.com/bid/109175

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210125055044/https://www.securityfocus.com/bid/109175

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10186

reference_id

CVE-2019-10186

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10186

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10186, GHSA-wv9c-pfpm-4wc5

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6b-tp6p-gue1

url VCID-a6pb-47tu-afcg

vulnerability_id VCID-a6pb-47tu-afcg

summary

Information Exposure
Moodle is vulnerable to information exposure of service tokens for users enrolled in the same course.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1692

reference_id

reference_type

scores

value	0.00159
scoring_system	epss
scoring_elements	0.36547
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1692

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1692

reference_id

CVE-2020-1692

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1692

fixed_packages

url pkg:composer/moodle/moodle@3.7.2

purl pkg:composer/moodle/moodle@3.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.2

aliases CVE-2020-1692, GHSA-9328-7pcw-vw69

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6pb-47tu-afcg

url VCID-eu27-a3px-87ed

vulnerability_id VCID-eu27-a3px-87ed

summary

Improper Access Control
Teachers in an assignment group could modify group overrides for other groups in the same assignment.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10189

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36022
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10189

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=388570

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388570

reference_url

http://www.securityfocus.com/bid/109271

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/109271

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10189

reference_id

CVE-2019-10189

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10189

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10189, GHSA-h7xp-7fjp-ghhc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu27-a3px-87ed

url VCID-jcq6-btgz-fkf6

vulnerability_id VCID-jcq6-btgz-fkf6

summary

Cross-site Scripting
It was found in Moodle that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20183

reference_id

reference_type

scores

value	0.00455
scoring_system	epss
scoring_elements	0.64171
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20183

reference_url

https://github.com/moodle/moodle/commit/dc9de7b0d487b73c23c221dc0b8b6e01654921f3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/dc9de7b0d487b73c23c221dc0b8b6e01654921f3

reference_url

https://moodle.org/mod/forum/discuss.php?d=417166

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417166

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20183

reference_id

CVE-2021-20183

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20183

fixed_packages

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

url	pkg:composer/moodle/moodle@4.0.0-beta
purl	pkg:composer/moodle/moodle@4.0.0-beta
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0-beta

aliases CVE-2021-20183, GHSA-xhfx-rm8q-c3xv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcq6-btgz-fkf6

url VCID-m3np-aebb-8qaa

vulnerability_id VCID-m3np-aebb-8qaa

summary

Improper Access Control
A web service fetching messages was not restricted to the current user's conversations.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10154

reference_id

reference_type

scores

value	0.00236
scoring_system	epss
scoring_elements	0.4672
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10154

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/2904a7f851da8e66be12f41d55068bf07817fbd6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/2904a7f851da8e66be12f41d55068bf07817fbd6

reference_url

https://github.com/moodle/moodle/commit/a3d19efab4aff83c07db9f0ad34c8f0e1f29c64c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/a3d19efab4aff83c07db9f0ad34c8f0e1f29c64c

reference_url

https://moodle.org/mod/forum/discuss.php?d=386521

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=386521

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10154

reference_id

CVE-2019-10154

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10154

fixed_packages

url pkg:composer/moodle/moodle@3.6.4

purl pkg:composer/moodle/moodle@3.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4

aliases CVE-2019-10154, GHSA-ww45-x87c-wgff

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3np-aebb-8qaa

url VCID-mkfz-e1ft-2bcw

vulnerability_id VCID-mkfz-e1ft-2bcw

summary

Code Injection
It was found in Moodle that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20187

reference_id

reference_type

scores

value	0.00679
scoring_system	epss
scoring_elements	0.7197
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20187

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=417171

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417171

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20187

reference_id

CVE-2021-20187

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20187

fixed_packages

url pkg:composer/moodle/moodle@3.5.16

purl pkg:composer/moodle/moodle@3.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.16

url pkg:composer/moodle/moodle@3.8.7

purl pkg:composer/moodle/moodle@3.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7

url pkg:composer/moodle/moodle@3.9.4

purl pkg:composer/moodle/moodle@3.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

aliases CVE-2021-20187, GHSA-2jrm-gww7-wch2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkfz-e1ft-2bcw

url VCID-nntc-dsz1-e3fp

vulnerability_id VCID-nntc-dsz1-e3fp

summary

Cross-site Scripting
It was found in Moodle that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20186

reference_id

reference_type

scores

value	0.0053
scoring_system	epss
scoring_elements	0.67569
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20186

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=417170

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20186

reference_id

CVE-2021-20186

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20186

fixed_packages

url pkg:composer/moodle/moodle@3.5.16

purl pkg:composer/moodle/moodle@3.5.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.16

url pkg:composer/moodle/moodle@3.8.7

purl pkg:composer/moodle/moodle@3.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7

url pkg:composer/moodle/moodle@3.9.4

purl pkg:composer/moodle/moodle@3.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

aliases CVE-2021-20186, GHSA-h8m4-h385-qhqv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nntc-dsz1-e3fp

url VCID-qhv1-wgpm-7fh6

vulnerability_id VCID-qhv1-wgpm-7fh6

summary

Improper Authorization
Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3849

reference_id

reference_type

scores

value	0.00374
scoring_system	epss
scoring_elements	0.59366
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3849

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/427463a52574e4b3bcbe1c65c49066438770641e

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/427463a52574e4b3bcbe1c65c49066438770641e

reference_url

https://github.com/moodle/moodle/commit/430f685834cef190bdf58afabe79e765d596890d

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/430f685834cef190bdf58afabe79e765d596890d

reference_url

https://github.com/moodle/moodle/commit/723d1a747555b795ed53a0fad01da455797bb78f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/723d1a747555b795ed53a0fad01da455797bb78f

reference_url

https://github.com/moodle/moodle/commit/898d5d05a0c3ae6795db0241bf3cb5951213d45c

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/898d5d05a0c3ae6795db0241bf3cb5951213d45c

reference_url

https://github.com/moodle/moodle/commit/b77dcd23d8e39265b5c096f0d947764c02d832c8

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/b77dcd23d8e39265b5c096f0d947764c02d832c8

reference_url

https://github.com/moodle/moodle/commit/cd3060d941a051931eb2613b25bafb0108665895

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/cd3060d941a051931eb2613b25bafb0108665895

reference_url

https://github.com/moodle/moodle/commit/fba7dcd90abd45210d782a79c6e25bb3840c7438

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/fba7dcd90abd45210d782a79c6e25bb3840c7438

reference_url

https://moodle.org/mod/forum/discuss.php?d=384012#p1547744

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=384012#p1547744

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3849

reference_id

CVE-2019-3849

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3849

fixed_packages

url pkg:composer/moodle/moodle@3.4.8

purl pkg:composer/moodle/moodle@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8

url pkg:composer/moodle/moodle@3.5.5

purl pkg:composer/moodle/moodle@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5

url pkg:composer/moodle/moodle@3.6.3

purl pkg:composer/moodle/moodle@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3

aliases CVE-2019-3849, GHSA-5wg9-5w3f-hxmh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6

url VCID-w9ca-exua-g7ar

vulnerability_id VCID-w9ca-exua-g7ar

summary

Improper Access Control
Teachers in a quiz group could modify group overrides for other groups in the same quiz.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10188

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36022
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10188

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=388569

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388569

reference_url

http://www.securityfocus.com/bid/109178

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/109178

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10188

reference_id

CVE-2019-10188

reference_type

scores

value	4.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10188

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10188, GHSA-92q5-2h76-vgmj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ca-exua-g7ar

url VCID-x7rg-rsb5-pya7

vulnerability_id VCID-x7rg-rsb5-pya7

summary

Improper Access Control
Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-10187

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36022
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-10187

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=388568#p1566330

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=388568#p1566330

reference_url

http://www.securityfocus.com/bid/109174

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/109174

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-10187

reference_id

CVE-2019-10187

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-10187

fixed_packages

url pkg:composer/moodle/moodle@3.5.7

purl pkg:composer/moodle/moodle@3.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7

url pkg:composer/moodle/moodle@3.6.5

purl pkg:composer/moodle/moodle@3.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5

url pkg:composer/moodle/moodle@3.7.1

purl pkg:composer/moodle/moodle@3.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-494p-pmxw-b7e2

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1

aliases CVE-2019-10187, GHSA-2mg9-hv69-897x

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7rg-rsb5-pya7

url VCID-y8up-cqtu-jkdw

vulnerability_id VCID-y8up-cqtu-jkdw

summary

Cross-site Scripting
Persistent XSS in `/course/modedit.php` of Moodle allows authenticated users (Teacher) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the `introeditor[text]` parameter.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-18210

reference_id

reference_type

scores

value	0.0044
scoring_system	epss
scoring_elements	0.63483
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-18210

reference_url

https://docs.moodle.org/38/en/Teacher_role

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.moodle.org/38/en/Teacher_role

reference_url

https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-18210

reference_id

CVE-2019-18210

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-18210

fixed_packages

url pkg:composer/moodle/moodle@3.7.3

purl pkg:composer/moodle/moodle@3.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-3uvf-6ztd-xkaf

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-c14d-1sa2-rkf6

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3

aliases CVE-2019-18210, GHSA-q6vw-27c6-jv9c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-cqtu-jkdw

url VCID-zjrq-np3y-hua5

vulnerability_id VCID-zjrq-np3y-hua5

summary

Information Exposure
Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3848

reference_id

reference_type

scores

value	0.00133
scoring_system	epss
scoring_elements	0.32374
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3848

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=384011#p1547743

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=384011#p1547743

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-3848

reference_id

CVE-2019-3848

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3848

fixed_packages

url pkg:composer/moodle/moodle@3.4.8

purl pkg:composer/moodle/moodle@3.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8

url pkg:composer/moodle/moodle@3.5.5

purl pkg:composer/moodle/moodle@3.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-3cb4-wz6x-ckcd

vulnerability	VCID-42fa-qbft-rfff

vulnerability	VCID-56wj-4124-ryd2

vulnerability	VCID-6m19-4krm-2udd

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-c1a1-z5m1-nfbc

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-fskk-cb95-uqer

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-jcsq-3q5z-4kc6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-mhm4-8kuk-t7b6

vulnerability	VCID-mkfz-e1ft-2bcw

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-nntc-dsz1-e3fp

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-pgfa-bkaw-q7cq

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5

url pkg:composer/moodle/moodle@3.6.3

purl pkg:composer/moodle/moodle@3.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2s6b-tp6p-gue1

vulnerability	VCID-a6pb-47tu-afcg

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-eu27-a3px-87ed

vulnerability	VCID-hhzz-hbqz-akfw

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-kgva-z9gg-u3dw

vulnerability	VCID-m3np-aebb-8qaa

vulnerability	VCID-n5tc-1k33-dfeq

vulnerability	VCID-paj4-nq1r-jbd3

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-w2b2-fuky-j3ff

vulnerability	VCID-w9ca-exua-g7ar

vulnerability	VCID-x7rg-rsb5-pya7

vulnerability	VCID-y8up-cqtu-jkdw

vulnerability	VCID-zwkk-zazw-6fgg

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3

aliases CVE-2019-3848, GHSA-45rw-4r25-jvg7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5

url VCID-zwkk-zazw-6fgg

vulnerability_id VCID-zwkk-zazw-6fgg

summary

Improper Validation of Integrity Check Value
It was found in Moodle that a insufficient capability checks in some grade related web services meant students were able to view other students grades.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20184

reference_id

reference_type

scores

value	0.00148
scoring_system	epss
scoring_elements	0.34896
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20184

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=417167

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=417167

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20184

reference_id

CVE-2021-20184

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20184

fixed_packages

url pkg:composer/moodle/moodle@3.8.7

purl pkg:composer/moodle/moodle@3.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7

url pkg:composer/moodle/moodle@3.9.4

purl pkg:composer/moodle/moodle@3.9.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-jcq6-btgz-fkf6

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4

url pkg:composer/moodle/moodle@3.10.1

purl pkg:composer/moodle/moodle@3.10.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-bbj9-hpz3-xqhh

vulnerability	VCID-bu6d-ns3s-fuck

vulnerability	VCID-dpd2-1sqc-qqfy

vulnerability	VCID-gnez-ehgq-rfbr

vulnerability	VCID-mqde-66zm-qbbj

vulnerability	VCID-pgfa-bkaw-q7cq

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1

aliases CVE-2021-20184, GHSA-mm73-86f9-5x5c

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwkk-zazw-6fgg

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.0-rc1

Package Instance