Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/moodle/moodle@3.2.2
Typecomposer
Namespacemoodle
Namemoodle
Version3.2.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.5.17
Latest_non_vulnerable_version5.1.2
Affected_by_vulnerabilities
0
url VCID-2dxb-v1af-jbax
vulnerability_id VCID-2dxb-v1af-jbax
summary 
Cross-Site Request Forgery (CSRF)
A CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7491
reference_id
reference_type
scores
0
value 0.00122
scoring_system epss
scoring_elements 0.30767
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7491
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=352355
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=352355
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7491
reference_id CVE-2017-7491
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7491
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-9nd7-4wve-97hc
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-duna-st9c-mqbk
8
vulnerability VCID-eu27-a3px-87ed
9
vulnerability VCID-fegs-ubsk-63hu
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-nc2j-pay7-ryab
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-q2fa-jymp-c3bb
19
vulnerability VCID-qhv1-wgpm-7fh6
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-yghg-775s-vber
24
vulnerability VCID-yp82-zj5g-pbaf
25
vulnerability VCID-zgzm-wj81-jkah
26
vulnerability VCID-zjrq-np3y-hua5
27
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7491, GHSA-3hmr-948v-5qgq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dxb-v1af-jbax
1
url VCID-2s6b-tp6p-gue1
vulnerability_id VCID-2s6b-tp6p-gue1
summary 
Cross-Site Request Forgery (CSRF)
A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10186
reference_id
reference_type
scores
0
value 0.00371
scoring_system epss
scoring_elements 0.59199
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10186
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/ea1ac3c7efbddbdb210ea4c75e7156c7d7ee914b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ea1ac3c7efbddbdb210ea4c75e7156c7d7ee914b
4
reference_url https://moodle.org/mod/forum/discuss.php?d=388567#p1566329
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=388567#p1566329
5
reference_url https://web.archive.org/web/20210125055044/https://www.securityfocus.com/bid/109175
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210125055044/https://www.securityfocus.com/bid/109175
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10186
reference_id CVE-2019-10186
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10186
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.7
purl pkg:composer/moodle/moodle@3.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-42fa-qbft-rfff
2
vulnerability VCID-56wj-4124-ryd2
3
vulnerability VCID-6m19-4krm-2udd
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bbj9-hpz3-xqhh
6
vulnerability VCID-c1a1-z5m1-nfbc
7
vulnerability VCID-dpd2-1sqc-qqfy
8
vulnerability VCID-fskk-cb95-uqer
9
vulnerability VCID-gnez-ehgq-rfbr
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-mhm4-8kuk-t7b6
15
vulnerability VCID-mkfz-e1ft-2bcw
16
vulnerability VCID-mqde-66zm-qbbj
17
vulnerability VCID-nntc-dsz1-e3fp
18
vulnerability VCID-paj4-nq1r-jbd3
19
vulnerability VCID-pgfa-bkaw-q7cq
20
vulnerability VCID-w2b2-fuky-j3ff
21
vulnerability VCID-y8up-cqtu-jkdw
22
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7
1
url pkg:composer/moodle/moodle@3.6.5
purl pkg:composer/moodle/moodle@3.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6pb-47tu-afcg
1
vulnerability VCID-hhzz-hbqz-akfw
2
vulnerability VCID-jcq6-btgz-fkf6
3
vulnerability VCID-kgva-z9gg-u3dw
4
vulnerability VCID-n5tc-1k33-dfeq
5
vulnerability VCID-paj4-nq1r-jbd3
6
vulnerability VCID-w2b2-fuky-j3ff
7
vulnerability VCID-y8up-cqtu-jkdw
8
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5
2
url pkg:composer/moodle/moodle@3.7.1
purl pkg:composer/moodle/moodle@3.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-3uvf-6ztd-xkaf
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-494p-pmxw-b7e2
4
vulnerability VCID-56wj-4124-ryd2
5
vulnerability VCID-6m19-4krm-2udd
6
vulnerability VCID-a6pb-47tu-afcg
7
vulnerability VCID-c14d-1sa2-rkf6
8
vulnerability VCID-c1a1-z5m1-nfbc
9
vulnerability VCID-fskk-cb95-uqer
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-n5tc-1k33-dfeq
15
vulnerability VCID-paj4-nq1r-jbd3
16
vulnerability VCID-w2b2-fuky-j3ff
17
vulnerability VCID-y8up-cqtu-jkdw
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1
aliases CVE-2019-10186, GHSA-wv9c-pfpm-4wc5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6b-tp6p-gue1
2
url VCID-5rbf-4dz3-2qdz
vulnerability_id VCID-5rbf-4dz3-2qdz
summary 
Improper Privilege Management
Remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7489
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.54962
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7489
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=352353
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=352353
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7489
reference_id CVE-2017-7489
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7489
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-9nd7-4wve-97hc
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-duna-st9c-mqbk
8
vulnerability VCID-eu27-a3px-87ed
9
vulnerability VCID-fegs-ubsk-63hu
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-nc2j-pay7-ryab
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-q2fa-jymp-c3bb
19
vulnerability VCID-qhv1-wgpm-7fh6
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-yghg-775s-vber
24
vulnerability VCID-yp82-zj5g-pbaf
25
vulnerability VCID-zgzm-wj81-jkah
26
vulnerability VCID-zjrq-np3y-hua5
27
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7489, GHSA-m34m-fgh4-v7cx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rbf-4dz3-2qdz
3
url VCID-83kb-4mk9-t7ge
vulnerability_id VCID-83kb-4mk9-t7ge
summary 
Information Exposure
Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15110
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.46726
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15110
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=361784
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=361784
3
reference_url http://www.securityfocus.com/bid/101909
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/101909
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-15110
reference_id CVE-2017-15110
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-15110
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.6
purl pkg:composer/moodle/moodle@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-ajkr-fxa1-mkhk
3
vulnerability VCID-b7br-bh2d-rygp
4
vulnerability VCID-ckg1-9vpt-yfdk
5
vulnerability VCID-duna-st9c-mqbk
6
vulnerability VCID-eu27-a3px-87ed
7
vulnerability VCID-fegs-ubsk-63hu
8
vulnerability VCID-g8ct-c4ce-zuaf
9
vulnerability VCID-jcq6-btgz-fkf6
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-m4zv-e3dn-budf
12
vulnerability VCID-mkfz-e1ft-2bcw
13
vulnerability VCID-nc2j-pay7-ryab
14
vulnerability VCID-nntc-dsz1-e3fp
15
vulnerability VCID-p2gd-7uam-mqf8
16
vulnerability VCID-qhv1-wgpm-7fh6
17
vulnerability VCID-w9ca-exua-g7ar
18
vulnerability VCID-x7rg-rsb5-pya7
19
vulnerability VCID-y8up-cqtu-jkdw
20
vulnerability VCID-yghg-775s-vber
21
vulnerability VCID-zjrq-np3y-hua5
22
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6
1
url pkg:composer/moodle/moodle@3.3.3
purl pkg:composer/moodle/moodle@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-bjnq-q2nd-1khp
7
vulnerability VCID-ckg1-9vpt-yfdk
8
vulnerability VCID-duna-st9c-mqbk
9
vulnerability VCID-eu27-a3px-87ed
10
vulnerability VCID-fegs-ubsk-63hu
11
vulnerability VCID-fygy-9njn-abgd
12
vulnerability VCID-g8ct-c4ce-zuaf
13
vulnerability VCID-jcq6-btgz-fkf6
14
vulnerability VCID-m3np-aebb-8qaa
15
vulnerability VCID-m4zv-e3dn-budf
16
vulnerability VCID-mkfz-e1ft-2bcw
17
vulnerability VCID-mmg3-7fz9-5uak
18
vulnerability VCID-nc2j-pay7-ryab
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-qhv1-wgpm-7fh6
22
vulnerability VCID-vfp6-4h8n-bkax
23
vulnerability VCID-w9ca-exua-g7ar
24
vulnerability VCID-x7rg-rsb5-pya7
25
vulnerability VCID-x9vd-njdz-jua9
26
vulnerability VCID-y8up-cqtu-jkdw
27
vulnerability VCID-yghg-775s-vber
28
vulnerability VCID-zjrq-np3y-hua5
29
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3
aliases CVE-2017-15110, GHSA-rjh8-w8jg-xwq5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge
4
url VCID-9nd7-4wve-97hc
vulnerability_id VCID-9nd7-4wve-97hc
summary 
Information Exposure
Various course reports allow teachers to view details about users in the groups they cannot access.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12157
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.3106
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12157
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://github.com/moodle/moodle/commit/85b531e8beae3497ec2075e07e59c581fccb317c
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/85b531e8beae3497ec2075e07e59c581fccb317c
3
reference_url https://moodle.org/mod/forum/discuss.php?d=358586
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=358586
4
reference_url https://web.archive.org/web/20210124103841/http://www.securityfocus.com/bid/100848
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124103841/http://www.securityfocus.com/bid/100848
5
reference_url http://www.securityfocus.com/bid/100848
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100848
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12157
reference_id CVE-2017-12157
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12157
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.5
purl pkg:composer/moodle/moodle@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-a6pb-47tu-afcg
3
vulnerability VCID-ajkr-fxa1-mkhk
4
vulnerability VCID-b7br-bh2d-rygp
5
vulnerability VCID-ckg1-9vpt-yfdk
6
vulnerability VCID-duna-st9c-mqbk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-fegs-ubsk-63hu
9
vulnerability VCID-g8ct-c4ce-zuaf
10
vulnerability VCID-jcq6-btgz-fkf6
11
vulnerability VCID-m3np-aebb-8qaa
12
vulnerability VCID-m4zv-e3dn-budf
13
vulnerability VCID-mkfz-e1ft-2bcw
14
vulnerability VCID-nc2j-pay7-ryab
15
vulnerability VCID-nntc-dsz1-e3fp
16
vulnerability VCID-p2gd-7uam-mqf8
17
vulnerability VCID-qhv1-wgpm-7fh6
18
vulnerability VCID-w9ca-exua-g7ar
19
vulnerability VCID-x7rg-rsb5-pya7
20
vulnerability VCID-y8up-cqtu-jkdw
21
vulnerability VCID-yghg-775s-vber
22
vulnerability VCID-zgzm-wj81-jkah
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5
1
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-83kb-4mk9-t7ge
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-ajkr-fxa1-mkhk
6
vulnerability VCID-b7br-bh2d-rygp
7
vulnerability VCID-bjnq-q2nd-1khp
8
vulnerability VCID-ckg1-9vpt-yfdk
9
vulnerability VCID-duna-st9c-mqbk
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fegs-ubsk-63hu
12
vulnerability VCID-fygy-9njn-abgd
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-mmg3-7fz9-5uak
19
vulnerability VCID-nc2j-pay7-ryab
20
vulnerability VCID-nntc-dsz1-e3fp
21
vulnerability VCID-p2gd-7uam-mqf8
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vfp6-4h8n-bkax
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-x9vd-njdz-jua9
27
vulnerability VCID-y8up-cqtu-jkdw
28
vulnerability VCID-yghg-775s-vber
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-12157, GHSA-gw95-48xq-gqf9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc
5
url VCID-a6pb-47tu-afcg
vulnerability_id VCID-a6pb-47tu-afcg
summary 
Information Exposure
Moodle is vulnerable to information exposure of service tokens for users enrolled in the same course.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-1692
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36547
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-1692
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1692
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-1692
reference_id CVE-2020-1692
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-1692
fixed_packages
0
url pkg:composer/moodle/moodle@3.7.2
purl pkg:composer/moodle/moodle@3.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-3uvf-6ztd-xkaf
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-56wj-4124-ryd2
4
vulnerability VCID-6m19-4krm-2udd
5
vulnerability VCID-c14d-1sa2-rkf6
6
vulnerability VCID-c1a1-z5m1-nfbc
7
vulnerability VCID-fskk-cb95-uqer
8
vulnerability VCID-hhzz-hbqz-akfw
9
vulnerability VCID-jcq6-btgz-fkf6
10
vulnerability VCID-jcsq-3q5z-4kc6
11
vulnerability VCID-kgva-z9gg-u3dw
12
vulnerability VCID-n5tc-1k33-dfeq
13
vulnerability VCID-paj4-nq1r-jbd3
14
vulnerability VCID-w2b2-fuky-j3ff
15
vulnerability VCID-y8up-cqtu-jkdw
16
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.2
aliases CVE-2020-1692, GHSA-9328-7pcw-vw69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6pb-47tu-afcg
6
url VCID-ajkr-fxa1-mkhk
vulnerability_id VCID-ajkr-fxa1-mkhk
summary 
Cross-site Scripting
Moodle is vulnerable to XSS via a calendar event name.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1045
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.46987
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1045
1
reference_url https://moodle.org/mod/forum/discuss.php?d=364384
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=364384
2
reference_url https://web.archive.org/web/20210124134120/http://www.securityfocus.com/bid/102755
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124134120/http://www.securityfocus.com/bid/102755
3
reference_url http://www.securityfocus.com/bid/102755
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102755
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1045
reference_id CVE-2018-1045
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1045
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-b7br-bh2d-rygp
3
vulnerability VCID-ckg1-9vpt-yfdk
4
vulnerability VCID-eu27-a3px-87ed
5
vulnerability VCID-fegs-ubsk-63hu
6
vulnerability VCID-g8ct-c4ce-zuaf
7
vulnerability VCID-jcq6-btgz-fkf6
8
vulnerability VCID-m3np-aebb-8qaa
9
vulnerability VCID-m4zv-e3dn-budf
10
vulnerability VCID-mkfz-e1ft-2bcw
11
vulnerability VCID-nntc-dsz1-e3fp
12
vulnerability VCID-p2gd-7uam-mqf8
13
vulnerability VCID-qhv1-wgpm-7fh6
14
vulnerability VCID-w9ca-exua-g7ar
15
vulnerability VCID-x7rg-rsb5-pya7
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-b7br-bh2d-rygp
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-fegs-ubsk-63hu
9
vulnerability VCID-fygy-9njn-abgd
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-mmg3-7fz9-5uak
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-qhv1-wgpm-7fh6
19
vulnerability VCID-vfp6-4h8n-bkax
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-x9vd-njdz-jua9
23
vulnerability VCID-y8up-cqtu-jkdw
24
vulnerability VCID-zjrq-np3y-hua5
25
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
aliases CVE-2018-1045, GHSA-595j-wpfg-23w4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk
7
url VCID-b1q7-u3cx-ukej
vulnerability_id VCID-b1q7-u3cx-ukej
summary 
Cross-site Scripting
There is XSS in the Course summary filter of the "Add a new course" page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7298
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47785
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7298
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url http://www.daimacn.com/index.php/post/12.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.daimacn.com/index.php/post/12.html
3
reference_url http://www.daimacn.com/post/12.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.daimacn.com/post/12.html
4
reference_url http://www.securityfocus.com/bid/97182
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/97182
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7298
reference_id CVE-2017-7298
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7298
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-9nd7-4wve-97hc
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-duna-st9c-mqbk
8
vulnerability VCID-eu27-a3px-87ed
9
vulnerability VCID-fegs-ubsk-63hu
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-nc2j-pay7-ryab
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-q2fa-jymp-c3bb
19
vulnerability VCID-qhv1-wgpm-7fh6
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-yghg-775s-vber
24
vulnerability VCID-yp82-zj5g-pbaf
25
vulnerability VCID-zgzm-wj81-jkah
26
vulnerability VCID-zjrq-np3y-hua5
27
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7298, GHSA-4m6v-x9fj-847j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1q7-u3cx-ukej
8
url VCID-b7br-bh2d-rygp
vulnerability_id VCID-b7br-bh2d-rygp
summary 
Improper Input Validation
An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1137
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50293
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1137
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=371204
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=371204
3
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104307
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
reference_id CVE-2018-1137
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-eu27-a3px-87ed
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-m3np-aebb-8qaa
5
vulnerability VCID-mkfz-e1ft-2bcw
6
vulnerability VCID-nntc-dsz1-e3fp
7
vulnerability VCID-qhv1-wgpm-7fh6
8
vulnerability VCID-w9ca-exua-g7ar
9
vulnerability VCID-x7rg-rsb5-pya7
10
vulnerability VCID-y8up-cqtu-jkdw
11
vulnerability VCID-zjrq-np3y-hua5
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-bjnq-q2nd-1khp
5
vulnerability VCID-eu27-a3px-87ed
6
vulnerability VCID-jcq6-btgz-fkf6
7
vulnerability VCID-m3np-aebb-8qaa
8
vulnerability VCID-mkfz-e1ft-2bcw
9
vulnerability VCID-mmg3-7fz9-5uak
10
vulnerability VCID-nntc-dsz1-e3fp
11
vulnerability VCID-qhv1-wgpm-7fh6
12
vulnerability VCID-vfp6-4h8n-bkax
13
vulnerability VCID-w9ca-exua-g7ar
14
vulnerability VCID-x7rg-rsb5-pya7
15
vulnerability VCID-x9vd-njdz-jua9
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-deur-8zdf-2kh2
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-jcq6-btgz-fkf6
9
vulnerability VCID-k73h-z6j8-gkgz
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-mkfz-e1ft-2bcw
12
vulnerability VCID-mmg3-7fz9-5uak
13
vulnerability VCID-nntc-dsz1-e3fp
14
vulnerability VCID-qhv1-wgpm-7fh6
15
vulnerability VCID-qxsq-ku22-r7gx
16
vulnerability VCID-r6kn-b963-eqge
17
vulnerability VCID-s6uu-335k-yfbc
18
vulnerability VCID-vfp6-4h8n-bkax
19
vulnerability VCID-w9ca-exua-g7ar
20
vulnerability VCID-x7rg-rsb5-pya7
21
vulnerability VCID-x9vd-njdz-jua9
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1137, GHSA-vxqh-mx28-7ghw
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7br-bh2d-rygp
9
url VCID-ckg1-9vpt-yfdk
vulnerability_id VCID-ckg1-9vpt-yfdk
summary 
Improper Privilege Management
An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1134
reference_id
reference_type
scores
0
value 0.00116
scoring_system epss
scoring_elements 0.29886
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1134
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=371200
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=371200
3
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104307
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
reference_id CVE-2018-1134
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-eu27-a3px-87ed
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-m3np-aebb-8qaa
5
vulnerability VCID-mkfz-e1ft-2bcw
6
vulnerability VCID-nntc-dsz1-e3fp
7
vulnerability VCID-qhv1-wgpm-7fh6
8
vulnerability VCID-w9ca-exua-g7ar
9
vulnerability VCID-x7rg-rsb5-pya7
10
vulnerability VCID-y8up-cqtu-jkdw
11
vulnerability VCID-zjrq-np3y-hua5
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-bjnq-q2nd-1khp
5
vulnerability VCID-eu27-a3px-87ed
6
vulnerability VCID-jcq6-btgz-fkf6
7
vulnerability VCID-m3np-aebb-8qaa
8
vulnerability VCID-mkfz-e1ft-2bcw
9
vulnerability VCID-mmg3-7fz9-5uak
10
vulnerability VCID-nntc-dsz1-e3fp
11
vulnerability VCID-qhv1-wgpm-7fh6
12
vulnerability VCID-vfp6-4h8n-bkax
13
vulnerability VCID-w9ca-exua-g7ar
14
vulnerability VCID-x7rg-rsb5-pya7
15
vulnerability VCID-x9vd-njdz-jua9
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-deur-8zdf-2kh2
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-jcq6-btgz-fkf6
9
vulnerability VCID-k73h-z6j8-gkgz
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-mkfz-e1ft-2bcw
12
vulnerability VCID-mmg3-7fz9-5uak
13
vulnerability VCID-nntc-dsz1-e3fp
14
vulnerability VCID-qhv1-wgpm-7fh6
15
vulnerability VCID-qxsq-ku22-r7gx
16
vulnerability VCID-r6kn-b963-eqge
17
vulnerability VCID-s6uu-335k-yfbc
18
vulnerability VCID-vfp6-4h8n-bkax
19
vulnerability VCID-w9ca-exua-g7ar
20
vulnerability VCID-x7rg-rsb5-pya7
21
vulnerability VCID-x9vd-njdz-jua9
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1134, GHSA-xjx9-7c29-pwmm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg1-9vpt-yfdk
10
url VCID-duna-st9c-mqbk
vulnerability_id VCID-duna-st9c-mqbk
summary 
Information Exposure
In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1044
reference_id
reference_type
scores
0
value 0.00185
scoring_system epss
scoring_elements 0.3998
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1044
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=364383
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=364383
3
reference_url http://www.securityfocus.com/bid/102754
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/102754
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1044
reference_id CVE-2018-1044
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1044
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-b7br-bh2d-rygp
3
vulnerability VCID-ckg1-9vpt-yfdk
4
vulnerability VCID-eu27-a3px-87ed
5
vulnerability VCID-fegs-ubsk-63hu
6
vulnerability VCID-g8ct-c4ce-zuaf
7
vulnerability VCID-jcq6-btgz-fkf6
8
vulnerability VCID-m3np-aebb-8qaa
9
vulnerability VCID-m4zv-e3dn-budf
10
vulnerability VCID-mkfz-e1ft-2bcw
11
vulnerability VCID-nntc-dsz1-e3fp
12
vulnerability VCID-p2gd-7uam-mqf8
13
vulnerability VCID-qhv1-wgpm-7fh6
14
vulnerability VCID-w9ca-exua-g7ar
15
vulnerability VCID-x7rg-rsb5-pya7
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-b7br-bh2d-rygp
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-fegs-ubsk-63hu
9
vulnerability VCID-fygy-9njn-abgd
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-mmg3-7fz9-5uak
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-qhv1-wgpm-7fh6
19
vulnerability VCID-vfp6-4h8n-bkax
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-x9vd-njdz-jua9
23
vulnerability VCID-y8up-cqtu-jkdw
24
vulnerability VCID-zjrq-np3y-hua5
25
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
2
url pkg:composer/moodle/moodle@3.4.1
purl pkg:composer/moodle/moodle@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-bjnq-q2nd-1khp
7
vulnerability VCID-ckg1-9vpt-yfdk
8
vulnerability VCID-deur-8zdf-2kh2
9
vulnerability VCID-eu27-a3px-87ed
10
vulnerability VCID-fegs-ubsk-63hu
11
vulnerability VCID-fygy-9njn-abgd
12
vulnerability VCID-g8ct-c4ce-zuaf
13
vulnerability VCID-jcq6-btgz-fkf6
14
vulnerability VCID-k73h-z6j8-gkgz
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-mmg3-7fz9-5uak
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-qhv1-wgpm-7fh6
22
vulnerability VCID-qxsq-ku22-r7gx
23
vulnerability VCID-r6kn-b963-eqge
24
vulnerability VCID-s6uu-335k-yfbc
25
vulnerability VCID-vfp6-4h8n-bkax
26
vulnerability VCID-w9ca-exua-g7ar
27
vulnerability VCID-x7rg-rsb5-pya7
28
vulnerability VCID-x9vd-njdz-jua9
29
vulnerability VCID-y8up-cqtu-jkdw
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1
aliases CVE-2018-1044, GHSA-332g-xh34-5c96
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk
11
url VCID-eu27-a3px-87ed
vulnerability_id VCID-eu27-a3px-87ed
summary 
Improper Access Control
Teachers in an assignment group could modify group overrides for other groups in the same assignment.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10189
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36022
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10189
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10189
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=388570
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=388570
4
reference_url http://www.securityfocus.com/bid/109271
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/109271
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10189
reference_id CVE-2019-10189
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10189
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.7
purl pkg:composer/moodle/moodle@3.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-42fa-qbft-rfff
2
vulnerability VCID-56wj-4124-ryd2
3
vulnerability VCID-6m19-4krm-2udd
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bbj9-hpz3-xqhh
6
vulnerability VCID-c1a1-z5m1-nfbc
7
vulnerability VCID-dpd2-1sqc-qqfy
8
vulnerability VCID-fskk-cb95-uqer
9
vulnerability VCID-gnez-ehgq-rfbr
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-mhm4-8kuk-t7b6
15
vulnerability VCID-mkfz-e1ft-2bcw
16
vulnerability VCID-mqde-66zm-qbbj
17
vulnerability VCID-nntc-dsz1-e3fp
18
vulnerability VCID-paj4-nq1r-jbd3
19
vulnerability VCID-pgfa-bkaw-q7cq
20
vulnerability VCID-w2b2-fuky-j3ff
21
vulnerability VCID-y8up-cqtu-jkdw
22
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7
1
url pkg:composer/moodle/moodle@3.6.5
purl pkg:composer/moodle/moodle@3.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6pb-47tu-afcg
1
vulnerability VCID-hhzz-hbqz-akfw
2
vulnerability VCID-jcq6-btgz-fkf6
3
vulnerability VCID-kgva-z9gg-u3dw
4
vulnerability VCID-n5tc-1k33-dfeq
5
vulnerability VCID-paj4-nq1r-jbd3
6
vulnerability VCID-w2b2-fuky-j3ff
7
vulnerability VCID-y8up-cqtu-jkdw
8
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5
2
url pkg:composer/moodle/moodle@3.7.1
purl pkg:composer/moodle/moodle@3.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-3uvf-6ztd-xkaf
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-494p-pmxw-b7e2
4
vulnerability VCID-56wj-4124-ryd2
5
vulnerability VCID-6m19-4krm-2udd
6
vulnerability VCID-a6pb-47tu-afcg
7
vulnerability VCID-c14d-1sa2-rkf6
8
vulnerability VCID-c1a1-z5m1-nfbc
9
vulnerability VCID-fskk-cb95-uqer
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-n5tc-1k33-dfeq
15
vulnerability VCID-paj4-nq1r-jbd3
16
vulnerability VCID-w2b2-fuky-j3ff
17
vulnerability VCID-y8up-cqtu-jkdw
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1
aliases CVE-2019-10189, GHSA-h7xp-7fjp-ghhc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eu27-a3px-87ed
12
url VCID-fegs-ubsk-63hu
vulnerability_id VCID-fegs-ubsk-63hu
summary 
Information Exposure
An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1135
reference_id
reference_type
scores
0
value 0.00176
scoring_system epss
scoring_elements 0.38842
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1135
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=371201
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=371201
3
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104307
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
reference_id CVE-2018-1135
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-eu27-a3px-87ed
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-m3np-aebb-8qaa
5
vulnerability VCID-mkfz-e1ft-2bcw
6
vulnerability VCID-nntc-dsz1-e3fp
7
vulnerability VCID-qhv1-wgpm-7fh6
8
vulnerability VCID-w9ca-exua-g7ar
9
vulnerability VCID-x7rg-rsb5-pya7
10
vulnerability VCID-y8up-cqtu-jkdw
11
vulnerability VCID-zjrq-np3y-hua5
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-bjnq-q2nd-1khp
5
vulnerability VCID-eu27-a3px-87ed
6
vulnerability VCID-jcq6-btgz-fkf6
7
vulnerability VCID-m3np-aebb-8qaa
8
vulnerability VCID-mkfz-e1ft-2bcw
9
vulnerability VCID-mmg3-7fz9-5uak
10
vulnerability VCID-nntc-dsz1-e3fp
11
vulnerability VCID-qhv1-wgpm-7fh6
12
vulnerability VCID-vfp6-4h8n-bkax
13
vulnerability VCID-w9ca-exua-g7ar
14
vulnerability VCID-x7rg-rsb5-pya7
15
vulnerability VCID-x9vd-njdz-jua9
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-deur-8zdf-2kh2
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-jcq6-btgz-fkf6
9
vulnerability VCID-k73h-z6j8-gkgz
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-mkfz-e1ft-2bcw
12
vulnerability VCID-mmg3-7fz9-5uak
13
vulnerability VCID-nntc-dsz1-e3fp
14
vulnerability VCID-qhv1-wgpm-7fh6
15
vulnerability VCID-qxsq-ku22-r7gx
16
vulnerability VCID-r6kn-b963-eqge
17
vulnerability VCID-s6uu-335k-yfbc
18
vulnerability VCID-vfp6-4h8n-bkax
19
vulnerability VCID-w9ca-exua-g7ar
20
vulnerability VCID-x7rg-rsb5-pya7
21
vulnerability VCID-x9vd-njdz-jua9
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1135, GHSA-vxmv-74rf-vqgp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fegs-ubsk-63hu
13
url VCID-g8ct-c4ce-zuaf
vulnerability_id VCID-g8ct-c4ce-zuaf
summary 
Cross-site Scripting
An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1136
reference_id
reference_type
scores
0
value 0.00194
scoring_system epss
scoring_elements 0.41148
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1136
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=371202
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=371202
3
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104307
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
reference_id CVE-2018-1136
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-eu27-a3px-87ed
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-m3np-aebb-8qaa
5
vulnerability VCID-mkfz-e1ft-2bcw
6
vulnerability VCID-nntc-dsz1-e3fp
7
vulnerability VCID-qhv1-wgpm-7fh6
8
vulnerability VCID-w9ca-exua-g7ar
9
vulnerability VCID-x7rg-rsb5-pya7
10
vulnerability VCID-y8up-cqtu-jkdw
11
vulnerability VCID-zjrq-np3y-hua5
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-bjnq-q2nd-1khp
5
vulnerability VCID-eu27-a3px-87ed
6
vulnerability VCID-jcq6-btgz-fkf6
7
vulnerability VCID-m3np-aebb-8qaa
8
vulnerability VCID-mkfz-e1ft-2bcw
9
vulnerability VCID-mmg3-7fz9-5uak
10
vulnerability VCID-nntc-dsz1-e3fp
11
vulnerability VCID-qhv1-wgpm-7fh6
12
vulnerability VCID-vfp6-4h8n-bkax
13
vulnerability VCID-w9ca-exua-g7ar
14
vulnerability VCID-x7rg-rsb5-pya7
15
vulnerability VCID-x9vd-njdz-jua9
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-deur-8zdf-2kh2
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-jcq6-btgz-fkf6
9
vulnerability VCID-k73h-z6j8-gkgz
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-mkfz-e1ft-2bcw
12
vulnerability VCID-mmg3-7fz9-5uak
13
vulnerability VCID-nntc-dsz1-e3fp
14
vulnerability VCID-qhv1-wgpm-7fh6
15
vulnerability VCID-qxsq-ku22-r7gx
16
vulnerability VCID-r6kn-b963-eqge
17
vulnerability VCID-s6uu-335k-yfbc
18
vulnerability VCID-vfp6-4h8n-bkax
19
vulnerability VCID-w9ca-exua-g7ar
20
vulnerability VCID-x7rg-rsb5-pya7
21
vulnerability VCID-x9vd-njdz-jua9
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1136, GHSA-xhfw-wjjc-4j5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ct-c4ce-zuaf
14
url VCID-jcq6-btgz-fkf6
vulnerability_id VCID-jcq6-btgz-fkf6
summary 
Cross-site Scripting
It was found in Moodle that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20183
reference_id
reference_type
scores
0
value 0.00455
scoring_system epss
scoring_elements 0.64171
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20183
1
reference_url https://github.com/moodle/moodle/commit/dc9de7b0d487b73c23c221dc0b8b6e01654921f3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/dc9de7b0d487b73c23c221dc0b8b6e01654921f3
2
reference_url https://moodle.org/mod/forum/discuss.php?d=417166
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=417166
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20183
reference_id CVE-2021-20183
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20183
fixed_packages
0
url pkg:composer/moodle/moodle@3.10.1
purl pkg:composer/moodle/moodle@3.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-bu6d-ns3s-fuck
2
vulnerability VCID-dpd2-1sqc-qqfy
3
vulnerability VCID-gnez-ehgq-rfbr
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1
1
url pkg:composer/moodle/moodle@4.0.0-beta
purl pkg:composer/moodle/moodle@4.0.0-beta
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0-beta
aliases CVE-2021-20183, GHSA-xhfx-rm8q-c3xv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jcq6-btgz-fkf6
15
url VCID-m3np-aebb-8qaa
vulnerability_id VCID-m3np-aebb-8qaa
summary 
Improper Access Control
A web service fetching messages was not restricted to the current user's conversations.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10154
reference_id
reference_type
scores
0
value 0.00236
scoring_system epss
scoring_elements 0.4672
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10154
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10154
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/2904a7f851da8e66be12f41d55068bf07817fbd6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/2904a7f851da8e66be12f41d55068bf07817fbd6
4
reference_url https://github.com/moodle/moodle/commit/a3d19efab4aff83c07db9f0ad34c8f0e1f29c64c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a3d19efab4aff83c07db9f0ad34c8f0e1f29c64c
5
reference_url https://moodle.org/mod/forum/discuss.php?d=386521
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=386521
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10154
reference_id CVE-2019-10154
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10154
fixed_packages
0
url pkg:composer/moodle/moodle@3.6.4
purl pkg:composer/moodle/moodle@3.6.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-eu27-a3px-87ed
3
vulnerability VCID-hhzz-hbqz-akfw
4
vulnerability VCID-jcq6-btgz-fkf6
5
vulnerability VCID-kgva-z9gg-u3dw
6
vulnerability VCID-n5tc-1k33-dfeq
7
vulnerability VCID-paj4-nq1r-jbd3
8
vulnerability VCID-w2b2-fuky-j3ff
9
vulnerability VCID-w9ca-exua-g7ar
10
vulnerability VCID-x7rg-rsb5-pya7
11
vulnerability VCID-y8up-cqtu-jkdw
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4
aliases CVE-2019-10154, GHSA-ww45-x87c-wgff
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3np-aebb-8qaa
16
url VCID-m4zv-e3dn-budf
vulnerability_id VCID-m4zv-e3dn-budf
summary 
Improper Access Control
Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1081
reference_id
reference_type
scores
0
value 0.00927
scoring_system epss
scoring_elements 0.76428
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1081
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-61392
3
reference_url https://moodle.org/mod/forum/discuss.php?d=367938
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=367938
4
reference_url http://www.securityfocus.com/bid/103728
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/103728
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
reference_id CVE-2018-1081
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.8
purl pkg:composer/moodle/moodle@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-b7br-bh2d-rygp
3
vulnerability VCID-ckg1-9vpt-yfdk
4
vulnerability VCID-eu27-a3px-87ed
5
vulnerability VCID-fegs-ubsk-63hu
6
vulnerability VCID-g8ct-c4ce-zuaf
7
vulnerability VCID-jcq6-btgz-fkf6
8
vulnerability VCID-m3np-aebb-8qaa
9
vulnerability VCID-mkfz-e1ft-2bcw
10
vulnerability VCID-nntc-dsz1-e3fp
11
vulnerability VCID-p2gd-7uam-mqf8
12
vulnerability VCID-qhv1-wgpm-7fh6
13
vulnerability VCID-w9ca-exua-g7ar
14
vulnerability VCID-x7rg-rsb5-pya7
15
vulnerability VCID-y8up-cqtu-jkdw
16
vulnerability VCID-zjrq-np3y-hua5
17
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8
1
url pkg:composer/moodle/moodle@3.3.5
purl pkg:composer/moodle/moodle@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-b7br-bh2d-rygp
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-fegs-ubsk-63hu
9
vulnerability VCID-g8ct-c4ce-zuaf
10
vulnerability VCID-jcq6-btgz-fkf6
11
vulnerability VCID-m3np-aebb-8qaa
12
vulnerability VCID-mkfz-e1ft-2bcw
13
vulnerability VCID-mmg3-7fz9-5uak
14
vulnerability VCID-nntc-dsz1-e3fp
15
vulnerability VCID-p2gd-7uam-mqf8
16
vulnerability VCID-qhv1-wgpm-7fh6
17
vulnerability VCID-vfp6-4h8n-bkax
18
vulnerability VCID-w9ca-exua-g7ar
19
vulnerability VCID-x7rg-rsb5-pya7
20
vulnerability VCID-x9vd-njdz-jua9
21
vulnerability VCID-y8up-cqtu-jkdw
22
vulnerability VCID-zjrq-np3y-hua5
23
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5
2
url pkg:composer/moodle/moodle@3.4.2
purl pkg:composer/moodle/moodle@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-bjnq-q2nd-1khp
7
vulnerability VCID-ckg1-9vpt-yfdk
8
vulnerability VCID-deur-8zdf-2kh2
9
vulnerability VCID-eu27-a3px-87ed
10
vulnerability VCID-fegs-ubsk-63hu
11
vulnerability VCID-g8ct-c4ce-zuaf
12
vulnerability VCID-jcq6-btgz-fkf6
13
vulnerability VCID-k73h-z6j8-gkgz
14
vulnerability VCID-m3np-aebb-8qaa
15
vulnerability VCID-mkfz-e1ft-2bcw
16
vulnerability VCID-mmg3-7fz9-5uak
17
vulnerability VCID-nntc-dsz1-e3fp
18
vulnerability VCID-p2gd-7uam-mqf8
19
vulnerability VCID-qhv1-wgpm-7fh6
20
vulnerability VCID-qxsq-ku22-r7gx
21
vulnerability VCID-r6kn-b963-eqge
22
vulnerability VCID-s6uu-335k-yfbc
23
vulnerability VCID-vfp6-4h8n-bkax
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-x9vd-njdz-jua9
27
vulnerability VCID-y8up-cqtu-jkdw
28
vulnerability VCID-zjrq-np3y-hua5
29
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2
aliases CVE-2018-1081, GHSA-v9xq-vh72-chr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf
17
url VCID-mkfz-e1ft-2bcw
vulnerability_id VCID-mkfz-e1ft-2bcw
summary 
Code Injection
It was found in Moodle that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20187
reference_id
reference_type
scores
0
value 0.00679
scoring_system epss
scoring_elements 0.7197
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20187
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=417171
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=417171
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20187
reference_id CVE-2021-20187
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20187
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.16
purl pkg:composer/moodle/moodle@3.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
6
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.16
1
url pkg:composer/moodle/moodle@3.8.7
purl pkg:composer/moodle/moodle@3.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7
2
url pkg:composer/moodle/moodle@3.9.4
purl pkg:composer/moodle/moodle@3.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4
3
url pkg:composer/moodle/moodle@3.10.1
purl pkg:composer/moodle/moodle@3.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-bu6d-ns3s-fuck
2
vulnerability VCID-dpd2-1sqc-qqfy
3
vulnerability VCID-gnez-ehgq-rfbr
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1
aliases CVE-2021-20187, GHSA-2jrm-gww7-wch2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkfz-e1ft-2bcw
18
url VCID-nc2j-pay7-ryab
vulnerability_id VCID-nc2j-pay7-ryab
summary 
Insufficient Access Control
The setting for blocked hosts list can be bypassed with multiple A record `hostnames`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1043
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29362
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1043
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=364382
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=364382
3
reference_url http://www.securityfocus.com/bid/102769
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/102769
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1043
reference_id CVE-2018-1043
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1043
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-b7br-bh2d-rygp
3
vulnerability VCID-ckg1-9vpt-yfdk
4
vulnerability VCID-eu27-a3px-87ed
5
vulnerability VCID-fegs-ubsk-63hu
6
vulnerability VCID-g8ct-c4ce-zuaf
7
vulnerability VCID-jcq6-btgz-fkf6
8
vulnerability VCID-m3np-aebb-8qaa
9
vulnerability VCID-m4zv-e3dn-budf
10
vulnerability VCID-mkfz-e1ft-2bcw
11
vulnerability VCID-nntc-dsz1-e3fp
12
vulnerability VCID-p2gd-7uam-mqf8
13
vulnerability VCID-qhv1-wgpm-7fh6
14
vulnerability VCID-w9ca-exua-g7ar
15
vulnerability VCID-x7rg-rsb5-pya7
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-b7br-bh2d-rygp
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-fegs-ubsk-63hu
9
vulnerability VCID-fygy-9njn-abgd
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-mmg3-7fz9-5uak
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-qhv1-wgpm-7fh6
19
vulnerability VCID-vfp6-4h8n-bkax
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-x9vd-njdz-jua9
23
vulnerability VCID-y8up-cqtu-jkdw
24
vulnerability VCID-zjrq-np3y-hua5
25
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
2
url pkg:composer/moodle/moodle@3.4.1
purl pkg:composer/moodle/moodle@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-bjnq-q2nd-1khp
7
vulnerability VCID-ckg1-9vpt-yfdk
8
vulnerability VCID-deur-8zdf-2kh2
9
vulnerability VCID-eu27-a3px-87ed
10
vulnerability VCID-fegs-ubsk-63hu
11
vulnerability VCID-fygy-9njn-abgd
12
vulnerability VCID-g8ct-c4ce-zuaf
13
vulnerability VCID-jcq6-btgz-fkf6
14
vulnerability VCID-k73h-z6j8-gkgz
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-mmg3-7fz9-5uak
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-qhv1-wgpm-7fh6
22
vulnerability VCID-qxsq-ku22-r7gx
23
vulnerability VCID-r6kn-b963-eqge
24
vulnerability VCID-s6uu-335k-yfbc
25
vulnerability VCID-vfp6-4h8n-bkax
26
vulnerability VCID-w9ca-exua-g7ar
27
vulnerability VCID-x7rg-rsb5-pya7
28
vulnerability VCID-x9vd-njdz-jua9
29
vulnerability VCID-y8up-cqtu-jkdw
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1
aliases CVE-2018-1043, GHSA-hpwm-84h5-vqr8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab
19
url VCID-nntc-dsz1-e3fp
vulnerability_id VCID-nntc-dsz1-e3fp
summary 
Cross-site Scripting
It was found in Moodle that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20186
reference_id
reference_type
scores
0
value 0.0053
scoring_system epss
scoring_elements 0.67569
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20186
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=417170
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=417170
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20186
reference_id CVE-2021-20186
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20186
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.16
purl pkg:composer/moodle/moodle@3.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
6
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.16
1
url pkg:composer/moodle/moodle@3.8.7
purl pkg:composer/moodle/moodle@3.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7
2
url pkg:composer/moodle/moodle@3.9.4
purl pkg:composer/moodle/moodle@3.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4
3
url pkg:composer/moodle/moodle@3.10.1
purl pkg:composer/moodle/moodle@3.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-bu6d-ns3s-fuck
2
vulnerability VCID-dpd2-1sqc-qqfy
3
vulnerability VCID-gnez-ehgq-rfbr
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1
aliases CVE-2021-20186, GHSA-h8m4-h385-qhqv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nntc-dsz1-e3fp
20
url VCID-p2gd-7uam-mqf8
vulnerability_id VCID-p2gd-7uam-mqf8
summary 
Injection Vulnerability
An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1133
reference_id
reference_type
scores
0
value 0.40785
scoring_system epss
scoring_elements 0.97448
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1133
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=371199
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=371199
3
reference_url https://www.exploit-db.com/exploits/46551
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46551
4
reference_url https://www.exploit-db.com/exploits/46551/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46551/
5
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/104307
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46551.php
reference_id CVE-2018-1133
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46551.php
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
reference_id CVE-2018-1133
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-eu27-a3px-87ed
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-m3np-aebb-8qaa
5
vulnerability VCID-mkfz-e1ft-2bcw
6
vulnerability VCID-nntc-dsz1-e3fp
7
vulnerability VCID-qhv1-wgpm-7fh6
8
vulnerability VCID-w9ca-exua-g7ar
9
vulnerability VCID-x7rg-rsb5-pya7
10
vulnerability VCID-y8up-cqtu-jkdw
11
vulnerability VCID-zjrq-np3y-hua5
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-bjnq-q2nd-1khp
5
vulnerability VCID-eu27-a3px-87ed
6
vulnerability VCID-jcq6-btgz-fkf6
7
vulnerability VCID-m3np-aebb-8qaa
8
vulnerability VCID-mkfz-e1ft-2bcw
9
vulnerability VCID-mmg3-7fz9-5uak
10
vulnerability VCID-nntc-dsz1-e3fp
11
vulnerability VCID-qhv1-wgpm-7fh6
12
vulnerability VCID-vfp6-4h8n-bkax
13
vulnerability VCID-w9ca-exua-g7ar
14
vulnerability VCID-x7rg-rsb5-pya7
15
vulnerability VCID-x9vd-njdz-jua9
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-deur-8zdf-2kh2
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-jcq6-btgz-fkf6
9
vulnerability VCID-k73h-z6j8-gkgz
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-mkfz-e1ft-2bcw
12
vulnerability VCID-mmg3-7fz9-5uak
13
vulnerability VCID-nntc-dsz1-e3fp
14
vulnerability VCID-qhv1-wgpm-7fh6
15
vulnerability VCID-qxsq-ku22-r7gx
16
vulnerability VCID-r6kn-b963-eqge
17
vulnerability VCID-s6uu-335k-yfbc
18
vulnerability VCID-vfp6-4h8n-bkax
19
vulnerability VCID-w9ca-exua-g7ar
20
vulnerability VCID-x7rg-rsb5-pya7
21
vulnerability VCID-x9vd-njdz-jua9
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1133, GHSA-xh2j-q4mc-v522
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gd-7uam-mqf8
21
url VCID-q2fa-jymp-c3bb
vulnerability_id VCID-q2fa-jymp-c3bb
summary 
Information Exposure
Moodle has a user fullname disclosure through the user preferences page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2642
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.37265
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2642
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=355554
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=355554
3
reference_url http://www.securityfocus.com/bid/99606
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/99606
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2642
reference_id CVE-2017-2642
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2642
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.4
purl pkg:composer/moodle/moodle@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-9nd7-4wve-97hc
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-duna-st9c-mqbk
8
vulnerability VCID-eu27-a3px-87ed
9
vulnerability VCID-fegs-ubsk-63hu
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-nc2j-pay7-ryab
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-qhv1-wgpm-7fh6
19
vulnerability VCID-w9ca-exua-g7ar
20
vulnerability VCID-x7rg-rsb5-pya7
21
vulnerability VCID-y8up-cqtu-jkdw
22
vulnerability VCID-yghg-775s-vber
23
vulnerability VCID-zgzm-wj81-jkah
24
vulnerability VCID-zjrq-np3y-hua5
25
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4
1
url pkg:composer/moodle/moodle@3.3.1
purl pkg:composer/moodle/moodle@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-83kb-4mk9-t7ge
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-9nd7-4wve-97hc
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-ajkr-fxa1-mkhk
7
vulnerability VCID-b7br-bh2d-rygp
8
vulnerability VCID-bjnq-q2nd-1khp
9
vulnerability VCID-ckg1-9vpt-yfdk
10
vulnerability VCID-duna-st9c-mqbk
11
vulnerability VCID-eu27-a3px-87ed
12
vulnerability VCID-fegs-ubsk-63hu
13
vulnerability VCID-fygy-9njn-abgd
14
vulnerability VCID-g8ct-c4ce-zuaf
15
vulnerability VCID-jcq6-btgz-fkf6
16
vulnerability VCID-m3np-aebb-8qaa
17
vulnerability VCID-m4zv-e3dn-budf
18
vulnerability VCID-mkfz-e1ft-2bcw
19
vulnerability VCID-mmg3-7fz9-5uak
20
vulnerability VCID-nc2j-pay7-ryab
21
vulnerability VCID-nntc-dsz1-e3fp
22
vulnerability VCID-p2gd-7uam-mqf8
23
vulnerability VCID-q2fa-jymp-c3bb
24
vulnerability VCID-qhv1-wgpm-7fh6
25
vulnerability VCID-vfp6-4h8n-bkax
26
vulnerability VCID-w9ca-exua-g7ar
27
vulnerability VCID-x7rg-rsb5-pya7
28
vulnerability VCID-x9vd-njdz-jua9
29
vulnerability VCID-y8up-cqtu-jkdw
30
vulnerability VCID-yghg-775s-vber
31
vulnerability VCID-yp82-zj5g-pbaf
32
vulnerability VCID-zgzm-wj81-jkah
33
vulnerability VCID-zjrq-np3y-hua5
34
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.1
2
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-83kb-4mk9-t7ge
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-ajkr-fxa1-mkhk
6
vulnerability VCID-b7br-bh2d-rygp
7
vulnerability VCID-bjnq-q2nd-1khp
8
vulnerability VCID-ckg1-9vpt-yfdk
9
vulnerability VCID-duna-st9c-mqbk
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fegs-ubsk-63hu
12
vulnerability VCID-fygy-9njn-abgd
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-mmg3-7fz9-5uak
19
vulnerability VCID-nc2j-pay7-ryab
20
vulnerability VCID-nntc-dsz1-e3fp
21
vulnerability VCID-p2gd-7uam-mqf8
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vfp6-4h8n-bkax
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-x9vd-njdz-jua9
27
vulnerability VCID-y8up-cqtu-jkdw
28
vulnerability VCID-yghg-775s-vber
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-2642, GHSA-54r2-r67g-fr9m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2fa-jymp-c3bb
22
url VCID-qhv1-wgpm-7fh6
vulnerability_id VCID-qhv1-wgpm-7fh6
summary 
Improper Authorization
Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3849
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59366
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3849
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://github.com/moodle/moodle/commit/427463a52574e4b3bcbe1c65c49066438770641e
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/427463a52574e4b3bcbe1c65c49066438770641e
4
reference_url https://github.com/moodle/moodle/commit/430f685834cef190bdf58afabe79e765d596890d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/430f685834cef190bdf58afabe79e765d596890d
5
reference_url https://github.com/moodle/moodle/commit/723d1a747555b795ed53a0fad01da455797bb78f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/723d1a747555b795ed53a0fad01da455797bb78f
6
reference_url https://github.com/moodle/moodle/commit/898d5d05a0c3ae6795db0241bf3cb5951213d45c
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/898d5d05a0c3ae6795db0241bf3cb5951213d45c
7
reference_url https://github.com/moodle/moodle/commit/b77dcd23d8e39265b5c096f0d947764c02d832c8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/b77dcd23d8e39265b5c096f0d947764c02d832c8
8
reference_url https://github.com/moodle/moodle/commit/cd3060d941a051931eb2613b25bafb0108665895
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/cd3060d941a051931eb2613b25bafb0108665895
9
reference_url https://github.com/moodle/moodle/commit/fba7dcd90abd45210d782a79c6e25bb3840c7438
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/fba7dcd90abd45210d782a79c6e25bb3840c7438
10
reference_url https://moodle.org/mod/forum/discuss.php?d=384012#p1547744
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=384012#p1547744
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3849
reference_id CVE-2019-3849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3849
fixed_packages
0
url pkg:composer/moodle/moodle@3.4.8
purl pkg:composer/moodle/moodle@3.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-deur-8zdf-2kh2
3
vulnerability VCID-eu27-a3px-87ed
4
vulnerability VCID-jcq6-btgz-fkf6
5
vulnerability VCID-m3np-aebb-8qaa
6
vulnerability VCID-mkfz-e1ft-2bcw
7
vulnerability VCID-nntc-dsz1-e3fp
8
vulnerability VCID-qxsq-ku22-r7gx
9
vulnerability VCID-w9ca-exua-g7ar
10
vulnerability VCID-x7rg-rsb5-pya7
11
vulnerability VCID-y8up-cqtu-jkdw
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8
1
url pkg:composer/moodle/moodle@3.5.5
purl pkg:composer/moodle/moodle@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-3cb4-wz6x-ckcd
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-56wj-4124-ryd2
4
vulnerability VCID-6m19-4krm-2udd
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-bbj9-hpz3-xqhh
7
vulnerability VCID-c1a1-z5m1-nfbc
8
vulnerability VCID-deur-8zdf-2kh2
9
vulnerability VCID-dpd2-1sqc-qqfy
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fskk-cb95-uqer
12
vulnerability VCID-gnez-ehgq-rfbr
13
vulnerability VCID-hhzz-hbqz-akfw
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-jcsq-3q5z-4kc6
16
vulnerability VCID-kgva-z9gg-u3dw
17
vulnerability VCID-m3np-aebb-8qaa
18
vulnerability VCID-mhm4-8kuk-t7b6
19
vulnerability VCID-mkfz-e1ft-2bcw
20
vulnerability VCID-mqde-66zm-qbbj
21
vulnerability VCID-nntc-dsz1-e3fp
22
vulnerability VCID-paj4-nq1r-jbd3
23
vulnerability VCID-pgfa-bkaw-q7cq
24
vulnerability VCID-qxsq-ku22-r7gx
25
vulnerability VCID-w2b2-fuky-j3ff
26
vulnerability VCID-w9ca-exua-g7ar
27
vulnerability VCID-x7rg-rsb5-pya7
28
vulnerability VCID-y8up-cqtu-jkdw
29
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5
2
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-deur-8zdf-2kh2
3
vulnerability VCID-eu27-a3px-87ed
4
vulnerability VCID-hhzz-hbqz-akfw
5
vulnerability VCID-jcq6-btgz-fkf6
6
vulnerability VCID-kgva-z9gg-u3dw
7
vulnerability VCID-m3np-aebb-8qaa
8
vulnerability VCID-n5tc-1k33-dfeq
9
vulnerability VCID-paj4-nq1r-jbd3
10
vulnerability VCID-qxsq-ku22-r7gx
11
vulnerability VCID-w2b2-fuky-j3ff
12
vulnerability VCID-w9ca-exua-g7ar
13
vulnerability VCID-x7rg-rsb5-pya7
14
vulnerability VCID-y8up-cqtu-jkdw
15
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3849, GHSA-5wg9-5w3f-hxmh
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6
23
url VCID-vtq4-fpr8-hudb
vulnerability_id VCID-vtq4-fpr8-hudb
summary 
Exposure of Resource to Wrong Sphere
In Moodle, searching of arbitrary blogs is possible because a capability check is missing.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7490
reference_id
reference_type
scores
0
value 0.00295
scoring_system epss
scoring_elements 0.53036
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7490
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=352354
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=352354
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7490
reference_id CVE-2017-7490
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7490
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.3
purl pkg:composer/moodle/moodle@3.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-9nd7-4wve-97hc
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-duna-st9c-mqbk
8
vulnerability VCID-eu27-a3px-87ed
9
vulnerability VCID-fegs-ubsk-63hu
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-nc2j-pay7-ryab
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-q2fa-jymp-c3bb
19
vulnerability VCID-qhv1-wgpm-7fh6
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-y8up-cqtu-jkdw
23
vulnerability VCID-yghg-775s-vber
24
vulnerability VCID-yp82-zj5g-pbaf
25
vulnerability VCID-zgzm-wj81-jkah
26
vulnerability VCID-zjrq-np3y-hua5
27
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3
aliases CVE-2017-7490, GHSA-9x63-m3cc-qf3g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vtq4-fpr8-hudb
24
url VCID-w9ca-exua-g7ar
vulnerability_id VCID-w9ca-exua-g7ar
summary 
Improper Access Control
Teachers in a quiz group could modify group overrides for other groups in the same quiz.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10188
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36022
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10188
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10188
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=388569
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=388569
4
reference_url http://www.securityfocus.com/bid/109178
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/109178
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10188
reference_id CVE-2019-10188
reference_type
scores
0
value 4.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10188
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.7
purl pkg:composer/moodle/moodle@3.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-42fa-qbft-rfff
2
vulnerability VCID-56wj-4124-ryd2
3
vulnerability VCID-6m19-4krm-2udd
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bbj9-hpz3-xqhh
6
vulnerability VCID-c1a1-z5m1-nfbc
7
vulnerability VCID-dpd2-1sqc-qqfy
8
vulnerability VCID-fskk-cb95-uqer
9
vulnerability VCID-gnez-ehgq-rfbr
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-mhm4-8kuk-t7b6
15
vulnerability VCID-mkfz-e1ft-2bcw
16
vulnerability VCID-mqde-66zm-qbbj
17
vulnerability VCID-nntc-dsz1-e3fp
18
vulnerability VCID-paj4-nq1r-jbd3
19
vulnerability VCID-pgfa-bkaw-q7cq
20
vulnerability VCID-w2b2-fuky-j3ff
21
vulnerability VCID-y8up-cqtu-jkdw
22
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7
1
url pkg:composer/moodle/moodle@3.6.5
purl pkg:composer/moodle/moodle@3.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6pb-47tu-afcg
1
vulnerability VCID-hhzz-hbqz-akfw
2
vulnerability VCID-jcq6-btgz-fkf6
3
vulnerability VCID-kgva-z9gg-u3dw
4
vulnerability VCID-n5tc-1k33-dfeq
5
vulnerability VCID-paj4-nq1r-jbd3
6
vulnerability VCID-w2b2-fuky-j3ff
7
vulnerability VCID-y8up-cqtu-jkdw
8
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5
2
url pkg:composer/moodle/moodle@3.7.1
purl pkg:composer/moodle/moodle@3.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-3uvf-6ztd-xkaf
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-494p-pmxw-b7e2
4
vulnerability VCID-56wj-4124-ryd2
5
vulnerability VCID-6m19-4krm-2udd
6
vulnerability VCID-a6pb-47tu-afcg
7
vulnerability VCID-c14d-1sa2-rkf6
8
vulnerability VCID-c1a1-z5m1-nfbc
9
vulnerability VCID-fskk-cb95-uqer
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-n5tc-1k33-dfeq
15
vulnerability VCID-paj4-nq1r-jbd3
16
vulnerability VCID-w2b2-fuky-j3ff
17
vulnerability VCID-y8up-cqtu-jkdw
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1
aliases CVE-2019-10188, GHSA-92q5-2h76-vgmj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ca-exua-g7ar
25
url VCID-x7rg-rsb5-pya7
vulnerability_id VCID-x7rg-rsb5-pya7
summary 
Improper Access Control
Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10187
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36022
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10187
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10187
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=388568#p1566330
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=388568#p1566330
4
reference_url http://www.securityfocus.com/bid/109174
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/109174
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10187
reference_id CVE-2019-10187
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10187
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.7
purl pkg:composer/moodle/moodle@3.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-42fa-qbft-rfff
2
vulnerability VCID-56wj-4124-ryd2
3
vulnerability VCID-6m19-4krm-2udd
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-bbj9-hpz3-xqhh
6
vulnerability VCID-c1a1-z5m1-nfbc
7
vulnerability VCID-dpd2-1sqc-qqfy
8
vulnerability VCID-fskk-cb95-uqer
9
vulnerability VCID-gnez-ehgq-rfbr
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-mhm4-8kuk-t7b6
15
vulnerability VCID-mkfz-e1ft-2bcw
16
vulnerability VCID-mqde-66zm-qbbj
17
vulnerability VCID-nntc-dsz1-e3fp
18
vulnerability VCID-paj4-nq1r-jbd3
19
vulnerability VCID-pgfa-bkaw-q7cq
20
vulnerability VCID-w2b2-fuky-j3ff
21
vulnerability VCID-y8up-cqtu-jkdw
22
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7
1
url pkg:composer/moodle/moodle@3.6.5
purl pkg:composer/moodle/moodle@3.6.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6pb-47tu-afcg
1
vulnerability VCID-hhzz-hbqz-akfw
2
vulnerability VCID-jcq6-btgz-fkf6
3
vulnerability VCID-kgva-z9gg-u3dw
4
vulnerability VCID-n5tc-1k33-dfeq
5
vulnerability VCID-paj4-nq1r-jbd3
6
vulnerability VCID-w2b2-fuky-j3ff
7
vulnerability VCID-y8up-cqtu-jkdw
8
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.5
2
url pkg:composer/moodle/moodle@3.7.1
purl pkg:composer/moodle/moodle@3.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-3uvf-6ztd-xkaf
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-494p-pmxw-b7e2
4
vulnerability VCID-56wj-4124-ryd2
5
vulnerability VCID-6m19-4krm-2udd
6
vulnerability VCID-a6pb-47tu-afcg
7
vulnerability VCID-c14d-1sa2-rkf6
8
vulnerability VCID-c1a1-z5m1-nfbc
9
vulnerability VCID-fskk-cb95-uqer
10
vulnerability VCID-hhzz-hbqz-akfw
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-jcsq-3q5z-4kc6
13
vulnerability VCID-kgva-z9gg-u3dw
14
vulnerability VCID-n5tc-1k33-dfeq
15
vulnerability VCID-paj4-nq1r-jbd3
16
vulnerability VCID-w2b2-fuky-j3ff
17
vulnerability VCID-y8up-cqtu-jkdw
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1
aliases CVE-2019-10187, GHSA-2mg9-hv69-897x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7rg-rsb5-pya7
26
url VCID-y8up-cqtu-jkdw
vulnerability_id VCID-y8up-cqtu-jkdw
summary 
Cross-site Scripting
Persistent XSS in `/course/modedit.php` of Moodle allows authenticated users (Teacher) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the `introeditor[text]` parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-18210
reference_id
reference_type
scores
0
value 0.0044
scoring_system epss
scoring_elements 0.63483
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-18210
1
reference_url https://docs.moodle.org/38/en/Teacher_role
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.moodle.org/38/en/Teacher_role
2
reference_url https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/Danbardo/4a6b0fe8cb21ec6d7c54e6ac951bdb0a
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-18210
reference_id CVE-2019-18210
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-18210
fixed_packages
0
url pkg:composer/moodle/moodle@3.7.3
purl pkg:composer/moodle/moodle@3.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cb4-wz6x-ckcd
1
vulnerability VCID-3uvf-6ztd-xkaf
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-56wj-4124-ryd2
4
vulnerability VCID-6m19-4krm-2udd
5
vulnerability VCID-c14d-1sa2-rkf6
6
vulnerability VCID-c1a1-z5m1-nfbc
7
vulnerability VCID-fskk-cb95-uqer
8
vulnerability VCID-hhzz-hbqz-akfw
9
vulnerability VCID-jcq6-btgz-fkf6
10
vulnerability VCID-jcsq-3q5z-4kc6
11
vulnerability VCID-kgva-z9gg-u3dw
12
vulnerability VCID-paj4-nq1r-jbd3
13
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3
aliases CVE-2019-18210, GHSA-q6vw-27c6-jv9c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-cqtu-jkdw
27
url VCID-yghg-775s-vber
vulnerability_id VCID-yghg-775s-vber
summary 
Server-Side Request Forgery (SSRF)
Moodle has Server Side Request Forgery in the `filepicker`.
references
0
reference_url http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1042
reference_id
reference_type
scores
0
value 0.12866
scoring_system epss
scoring_elements 0.94175
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1042
2
reference_url https://github.com/moodle/moodle/commit/f1d1a60e0ac8549c08e66062f3cd0110e4a92e24
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/f1d1a60e0ac8549c08e66062f3cd0110e4a92e24
3
reference_url https://moodle.org/mod/forum/discuss.php?d=364381
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=364381
4
reference_url https://web.archive.org/web/20210124134113/http://www.securityfocus.com/bid/102752
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124134113/http://www.securityfocus.com/bid/102752
5
reference_url http://www.securityfocus.com/bid/102752
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/102752
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47177.txt
reference_id CVE-2018-1042
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47177.txt
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1042
reference_id CVE-2018-1042
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1042
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.7
purl pkg:composer/moodle/moodle@3.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-b7br-bh2d-rygp
3
vulnerability VCID-ckg1-9vpt-yfdk
4
vulnerability VCID-eu27-a3px-87ed
5
vulnerability VCID-fegs-ubsk-63hu
6
vulnerability VCID-g8ct-c4ce-zuaf
7
vulnerability VCID-jcq6-btgz-fkf6
8
vulnerability VCID-m3np-aebb-8qaa
9
vulnerability VCID-m4zv-e3dn-budf
10
vulnerability VCID-mkfz-e1ft-2bcw
11
vulnerability VCID-nntc-dsz1-e3fp
12
vulnerability VCID-p2gd-7uam-mqf8
13
vulnerability VCID-qhv1-wgpm-7fh6
14
vulnerability VCID-w9ca-exua-g7ar
15
vulnerability VCID-x7rg-rsb5-pya7
16
vulnerability VCID-y8up-cqtu-jkdw
17
vulnerability VCID-zjrq-np3y-hua5
18
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7
1
url pkg:composer/moodle/moodle@3.3.4
purl pkg:composer/moodle/moodle@3.3.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-b7br-bh2d-rygp
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-fegs-ubsk-63hu
9
vulnerability VCID-fygy-9njn-abgd
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-mmg3-7fz9-5uak
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-qhv1-wgpm-7fh6
19
vulnerability VCID-vfp6-4h8n-bkax
20
vulnerability VCID-w9ca-exua-g7ar
21
vulnerability VCID-x7rg-rsb5-pya7
22
vulnerability VCID-x9vd-njdz-jua9
23
vulnerability VCID-y8up-cqtu-jkdw
24
vulnerability VCID-zjrq-np3y-hua5
25
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4
2
url pkg:composer/moodle/moodle@3.4.1
purl pkg:composer/moodle/moodle@3.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-bjnq-q2nd-1khp
7
vulnerability VCID-ckg1-9vpt-yfdk
8
vulnerability VCID-deur-8zdf-2kh2
9
vulnerability VCID-eu27-a3px-87ed
10
vulnerability VCID-fegs-ubsk-63hu
11
vulnerability VCID-fygy-9njn-abgd
12
vulnerability VCID-g8ct-c4ce-zuaf
13
vulnerability VCID-jcq6-btgz-fkf6
14
vulnerability VCID-k73h-z6j8-gkgz
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-mmg3-7fz9-5uak
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-qhv1-wgpm-7fh6
22
vulnerability VCID-qxsq-ku22-r7gx
23
vulnerability VCID-r6kn-b963-eqge
24
vulnerability VCID-s6uu-335k-yfbc
25
vulnerability VCID-vfp6-4h8n-bkax
26
vulnerability VCID-w9ca-exua-g7ar
27
vulnerability VCID-x7rg-rsb5-pya7
28
vulnerability VCID-x9vd-njdz-jua9
29
vulnerability VCID-y8up-cqtu-jkdw
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1
aliases CVE-2018-1042, GHSA-qqjv-mc2v-p7mc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber
28
url VCID-yp82-zj5g-pbaf
vulnerability_id VCID-yp82-zj5g-pbaf
summary 
Improper Privilege Management
Course creators are able to change system default settings for courses.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7532
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26406
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7532
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://github.com/moodle/moodle/commit/6e861be6b7d49c5ac4583ae46762a28ede5785ad
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/6e861be6b7d49c5ac4583ae46762a28ede5785ad
3
reference_url https://github.com/moodle/moodle/commit/915f801546a5c3618feab897072c985abfce57df
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/915f801546a5c3618feab897072c985abfce57df
4
reference_url https://moodle.org/mod/forum/discuss.php?d=355556
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=355556
5
reference_url https://web.archive.org/web/20210614032706/http://www.securityfocus.com/bid/99617
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210614032706/http://www.securityfocus.com/bid/99617
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7532
reference_id CVE-2017-7532
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-7532
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.4
purl pkg:composer/moodle/moodle@3.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-9nd7-4wve-97hc
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-ckg1-9vpt-yfdk
7
vulnerability VCID-duna-st9c-mqbk
8
vulnerability VCID-eu27-a3px-87ed
9
vulnerability VCID-fegs-ubsk-63hu
10
vulnerability VCID-g8ct-c4ce-zuaf
11
vulnerability VCID-jcq6-btgz-fkf6
12
vulnerability VCID-m3np-aebb-8qaa
13
vulnerability VCID-m4zv-e3dn-budf
14
vulnerability VCID-mkfz-e1ft-2bcw
15
vulnerability VCID-nc2j-pay7-ryab
16
vulnerability VCID-nntc-dsz1-e3fp
17
vulnerability VCID-p2gd-7uam-mqf8
18
vulnerability VCID-qhv1-wgpm-7fh6
19
vulnerability VCID-w9ca-exua-g7ar
20
vulnerability VCID-x7rg-rsb5-pya7
21
vulnerability VCID-y8up-cqtu-jkdw
22
vulnerability VCID-yghg-775s-vber
23
vulnerability VCID-zgzm-wj81-jkah
24
vulnerability VCID-zjrq-np3y-hua5
25
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4
1
url pkg:composer/moodle/moodle@3.3.1
purl pkg:composer/moodle/moodle@3.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-83kb-4mk9-t7ge
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-9nd7-4wve-97hc
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-ajkr-fxa1-mkhk
7
vulnerability VCID-b7br-bh2d-rygp
8
vulnerability VCID-bjnq-q2nd-1khp
9
vulnerability VCID-ckg1-9vpt-yfdk
10
vulnerability VCID-duna-st9c-mqbk
11
vulnerability VCID-eu27-a3px-87ed
12
vulnerability VCID-fegs-ubsk-63hu
13
vulnerability VCID-fygy-9njn-abgd
14
vulnerability VCID-g8ct-c4ce-zuaf
15
vulnerability VCID-jcq6-btgz-fkf6
16
vulnerability VCID-m3np-aebb-8qaa
17
vulnerability VCID-m4zv-e3dn-budf
18
vulnerability VCID-mkfz-e1ft-2bcw
19
vulnerability VCID-mmg3-7fz9-5uak
20
vulnerability VCID-nc2j-pay7-ryab
21
vulnerability VCID-nntc-dsz1-e3fp
22
vulnerability VCID-p2gd-7uam-mqf8
23
vulnerability VCID-q2fa-jymp-c3bb
24
vulnerability VCID-qhv1-wgpm-7fh6
25
vulnerability VCID-vfp6-4h8n-bkax
26
vulnerability VCID-w9ca-exua-g7ar
27
vulnerability VCID-x7rg-rsb5-pya7
28
vulnerability VCID-x9vd-njdz-jua9
29
vulnerability VCID-y8up-cqtu-jkdw
30
vulnerability VCID-yghg-775s-vber
31
vulnerability VCID-yp82-zj5g-pbaf
32
vulnerability VCID-zgzm-wj81-jkah
33
vulnerability VCID-zjrq-np3y-hua5
34
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.1
2
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-83kb-4mk9-t7ge
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-ajkr-fxa1-mkhk
6
vulnerability VCID-b7br-bh2d-rygp
7
vulnerability VCID-bjnq-q2nd-1khp
8
vulnerability VCID-ckg1-9vpt-yfdk
9
vulnerability VCID-duna-st9c-mqbk
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fegs-ubsk-63hu
12
vulnerability VCID-fygy-9njn-abgd
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-mmg3-7fz9-5uak
19
vulnerability VCID-nc2j-pay7-ryab
20
vulnerability VCID-nntc-dsz1-e3fp
21
vulnerability VCID-p2gd-7uam-mqf8
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vfp6-4h8n-bkax
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-x9vd-njdz-jua9
27
vulnerability VCID-y8up-cqtu-jkdw
28
vulnerability VCID-yghg-775s-vber
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
aliases CVE-2017-7532, GHSA-jjhx-5jff-rc8m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yp82-zj5g-pbaf
29
url VCID-zgzm-wj81-jkah
vulnerability_id VCID-zgzm-wj81-jkah
summary 
Cross-site Scripting
Moodle has an XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12156
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.38511
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12156
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://github.com/moodle/moodle/commit/a39d2976fe5e91da7a28a8512d5b94d4a27067b8
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/a39d2976fe5e91da7a28a8512d5b94d4a27067b8
3
reference_url https://moodle.org/mod/forum/discuss.php?d=358585
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=358585
4
reference_url https://web.archive.org/web/20210124104026/http://www.securityfocus.com/bid/100867
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124104026/http://www.securityfocus.com/bid/100867
5
reference_url http://www.securityfocus.com/bid/100867
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/100867
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12156
reference_id CVE-2017-12156
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12156
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.5
purl pkg:composer/moodle/moodle@3.2.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-a6pb-47tu-afcg
3
vulnerability VCID-ajkr-fxa1-mkhk
4
vulnerability VCID-b7br-bh2d-rygp
5
vulnerability VCID-ckg1-9vpt-yfdk
6
vulnerability VCID-duna-st9c-mqbk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-fegs-ubsk-63hu
9
vulnerability VCID-g8ct-c4ce-zuaf
10
vulnerability VCID-jcq6-btgz-fkf6
11
vulnerability VCID-m3np-aebb-8qaa
12
vulnerability VCID-m4zv-e3dn-budf
13
vulnerability VCID-mkfz-e1ft-2bcw
14
vulnerability VCID-nc2j-pay7-ryab
15
vulnerability VCID-nntc-dsz1-e3fp
16
vulnerability VCID-p2gd-7uam-mqf8
17
vulnerability VCID-qhv1-wgpm-7fh6
18
vulnerability VCID-w9ca-exua-g7ar
19
vulnerability VCID-x7rg-rsb5-pya7
20
vulnerability VCID-y8up-cqtu-jkdw
21
vulnerability VCID-yghg-775s-vber
22
vulnerability VCID-zgzm-wj81-jkah
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5
1
url pkg:composer/moodle/moodle@3.2.6
purl pkg:composer/moodle/moodle@3.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-ajkr-fxa1-mkhk
3
vulnerability VCID-b7br-bh2d-rygp
4
vulnerability VCID-ckg1-9vpt-yfdk
5
vulnerability VCID-duna-st9c-mqbk
6
vulnerability VCID-eu27-a3px-87ed
7
vulnerability VCID-fegs-ubsk-63hu
8
vulnerability VCID-g8ct-c4ce-zuaf
9
vulnerability VCID-jcq6-btgz-fkf6
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-m4zv-e3dn-budf
12
vulnerability VCID-mkfz-e1ft-2bcw
13
vulnerability VCID-nc2j-pay7-ryab
14
vulnerability VCID-nntc-dsz1-e3fp
15
vulnerability VCID-p2gd-7uam-mqf8
16
vulnerability VCID-qhv1-wgpm-7fh6
17
vulnerability VCID-w9ca-exua-g7ar
18
vulnerability VCID-x7rg-rsb5-pya7
19
vulnerability VCID-y8up-cqtu-jkdw
20
vulnerability VCID-yghg-775s-vber
21
vulnerability VCID-zjrq-np3y-hua5
22
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6
2
url pkg:composer/moodle/moodle@3.3.0-beta
purl pkg:composer/moodle/moodle@3.3.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-eu27-a3px-87ed
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-m3np-aebb-8qaa
5
vulnerability VCID-mkfz-e1ft-2bcw
6
vulnerability VCID-nntc-dsz1-e3fp
7
vulnerability VCID-qhv1-wgpm-7fh6
8
vulnerability VCID-w9ca-exua-g7ar
9
vulnerability VCID-x7rg-rsb5-pya7
10
vulnerability VCID-y8up-cqtu-jkdw
11
vulnerability VCID-zjrq-np3y-hua5
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.0-beta
3
url pkg:composer/moodle/moodle@3.3.2
purl pkg:composer/moodle/moodle@3.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-83kb-4mk9-t7ge
3
vulnerability VCID-8mgr-gdzj-4ybs
4
vulnerability VCID-a6pb-47tu-afcg
5
vulnerability VCID-ajkr-fxa1-mkhk
6
vulnerability VCID-b7br-bh2d-rygp
7
vulnerability VCID-bjnq-q2nd-1khp
8
vulnerability VCID-ckg1-9vpt-yfdk
9
vulnerability VCID-duna-st9c-mqbk
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fegs-ubsk-63hu
12
vulnerability VCID-fygy-9njn-abgd
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-mmg3-7fz9-5uak
19
vulnerability VCID-nc2j-pay7-ryab
20
vulnerability VCID-nntc-dsz1-e3fp
21
vulnerability VCID-p2gd-7uam-mqf8
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vfp6-4h8n-bkax
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-x9vd-njdz-jua9
27
vulnerability VCID-y8up-cqtu-jkdw
28
vulnerability VCID-yghg-775s-vber
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2
4
url pkg:composer/moodle/moodle@3.3.3
purl pkg:composer/moodle/moodle@3.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-4rz2-b4e3-87g5
2
vulnerability VCID-8mgr-gdzj-4ybs
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-b7br-bh2d-rygp
6
vulnerability VCID-bjnq-q2nd-1khp
7
vulnerability VCID-ckg1-9vpt-yfdk
8
vulnerability VCID-duna-st9c-mqbk
9
vulnerability VCID-eu27-a3px-87ed
10
vulnerability VCID-fegs-ubsk-63hu
11
vulnerability VCID-fygy-9njn-abgd
12
vulnerability VCID-g8ct-c4ce-zuaf
13
vulnerability VCID-jcq6-btgz-fkf6
14
vulnerability VCID-m3np-aebb-8qaa
15
vulnerability VCID-m4zv-e3dn-budf
16
vulnerability VCID-mkfz-e1ft-2bcw
17
vulnerability VCID-mmg3-7fz9-5uak
18
vulnerability VCID-nc2j-pay7-ryab
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-qhv1-wgpm-7fh6
22
vulnerability VCID-vfp6-4h8n-bkax
23
vulnerability VCID-w9ca-exua-g7ar
24
vulnerability VCID-x7rg-rsb5-pya7
25
vulnerability VCID-x9vd-njdz-jua9
26
vulnerability VCID-y8up-cqtu-jkdw
27
vulnerability VCID-yghg-775s-vber
28
vulnerability VCID-zjrq-np3y-hua5
29
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3
aliases CVE-2017-12156, GHSA-7mfw-g8x4-rq2w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah
30
url VCID-zjrq-np3y-hua5
vulnerability_id VCID-zjrq-np3y-hua5
summary 
Information Exposure
Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3848
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32374
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3848
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
2
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
3
reference_url https://moodle.org/mod/forum/discuss.php?d=384011#p1547743
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=384011#p1547743
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3848
reference_id CVE-2019-3848
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-3848
fixed_packages
0
url pkg:composer/moodle/moodle@3.4.8
purl pkg:composer/moodle/moodle@3.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-deur-8zdf-2kh2
3
vulnerability VCID-eu27-a3px-87ed
4
vulnerability VCID-jcq6-btgz-fkf6
5
vulnerability VCID-m3np-aebb-8qaa
6
vulnerability VCID-mkfz-e1ft-2bcw
7
vulnerability VCID-nntc-dsz1-e3fp
8
vulnerability VCID-qxsq-ku22-r7gx
9
vulnerability VCID-w9ca-exua-g7ar
10
vulnerability VCID-x7rg-rsb5-pya7
11
vulnerability VCID-y8up-cqtu-jkdw
12
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8
1
url pkg:composer/moodle/moodle@3.5.5
purl pkg:composer/moodle/moodle@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-3cb4-wz6x-ckcd
2
vulnerability VCID-42fa-qbft-rfff
3
vulnerability VCID-56wj-4124-ryd2
4
vulnerability VCID-6m19-4krm-2udd
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-bbj9-hpz3-xqhh
7
vulnerability VCID-c1a1-z5m1-nfbc
8
vulnerability VCID-deur-8zdf-2kh2
9
vulnerability VCID-dpd2-1sqc-qqfy
10
vulnerability VCID-eu27-a3px-87ed
11
vulnerability VCID-fskk-cb95-uqer
12
vulnerability VCID-gnez-ehgq-rfbr
13
vulnerability VCID-hhzz-hbqz-akfw
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-jcsq-3q5z-4kc6
16
vulnerability VCID-kgva-z9gg-u3dw
17
vulnerability VCID-m3np-aebb-8qaa
18
vulnerability VCID-mhm4-8kuk-t7b6
19
vulnerability VCID-mkfz-e1ft-2bcw
20
vulnerability VCID-mqde-66zm-qbbj
21
vulnerability VCID-nntc-dsz1-e3fp
22
vulnerability VCID-paj4-nq1r-jbd3
23
vulnerability VCID-pgfa-bkaw-q7cq
24
vulnerability VCID-qxsq-ku22-r7gx
25
vulnerability VCID-w2b2-fuky-j3ff
26
vulnerability VCID-w9ca-exua-g7ar
27
vulnerability VCID-x7rg-rsb5-pya7
28
vulnerability VCID-y8up-cqtu-jkdw
29
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5
2
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-a6pb-47tu-afcg
2
vulnerability VCID-deur-8zdf-2kh2
3
vulnerability VCID-eu27-a3px-87ed
4
vulnerability VCID-hhzz-hbqz-akfw
5
vulnerability VCID-jcq6-btgz-fkf6
6
vulnerability VCID-kgva-z9gg-u3dw
7
vulnerability VCID-m3np-aebb-8qaa
8
vulnerability VCID-n5tc-1k33-dfeq
9
vulnerability VCID-paj4-nq1r-jbd3
10
vulnerability VCID-qxsq-ku22-r7gx
11
vulnerability VCID-w2b2-fuky-j3ff
12
vulnerability VCID-w9ca-exua-g7ar
13
vulnerability VCID-x7rg-rsb5-pya7
14
vulnerability VCID-y8up-cqtu-jkdw
15
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3848, GHSA-45rw-4r25-jvg7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5
31
url VCID-zwkk-zazw-6fgg
vulnerability_id VCID-zwkk-zazw-6fgg
summary 
Improper Validation of Integrity Check Value
It was found in Moodle that a insufficient capability checks in some grade related web services meant students were able to view other students grades.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-20184
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.34896
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-20184
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=417167
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=417167
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-20184
reference_id CVE-2021-20184
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-20184
fixed_packages
0
url pkg:composer/moodle/moodle@3.8.7
purl pkg:composer/moodle/moodle@3.8.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.7
1
url pkg:composer/moodle/moodle@3.9.4
purl pkg:composer/moodle/moodle@3.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-dpd2-1sqc-qqfy
2
vulnerability VCID-gnez-ehgq-rfbr
3
vulnerability VCID-jcq6-btgz-fkf6
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.4
2
url pkg:composer/moodle/moodle@3.10.1
purl pkg:composer/moodle/moodle@3.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bbj9-hpz3-xqhh
1
vulnerability VCID-bu6d-ns3s-fuck
2
vulnerability VCID-dpd2-1sqc-qqfy
3
vulnerability VCID-gnez-ehgq-rfbr
4
vulnerability VCID-mqde-66zm-qbbj
5
vulnerability VCID-pgfa-bkaw-q7cq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.1
aliases CVE-2021-20184, GHSA-mm73-86f9-5x5c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zwkk-zazw-6fgg
Fixing_vulnerabilities
0
url VCID-2qjr-wjh1-8fh6
vulnerability_id VCID-2qjr-wjh1-8fh6
summary 
Information Exposure
In Moodle global search displays user names for unauthenticated users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2643
reference_id
reference_type
scores
0
value 0.00762
scoring_system epss
scoring_elements 0.73737
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2643
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=349420
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=349420
3
reference_url http://www.securityfocus.com/bid/96978
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96978
4
reference_url http://www.securitytracker.com/id/1038174
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038174
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2643
reference_id CVE-2017-2643
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2643
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-2s6b-tp6p-gue1
2
vulnerability VCID-5rbf-4dz3-2qdz
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-9nd7-4wve-97hc
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-ajkr-fxa1-mkhk
7
vulnerability VCID-b1q7-u3cx-ukej
8
vulnerability VCID-b7br-bh2d-rygp
9
vulnerability VCID-ckg1-9vpt-yfdk
10
vulnerability VCID-duna-st9c-mqbk
11
vulnerability VCID-eu27-a3px-87ed
12
vulnerability VCID-fegs-ubsk-63hu
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-nc2j-pay7-ryab
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-q2fa-jymp-c3bb
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vtq4-fpr8-hudb
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-y8up-cqtu-jkdw
27
vulnerability VCID-yghg-775s-vber
28
vulnerability VCID-yp82-zj5g-pbaf
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2643, GHSA-98mf-mqw9-9q8q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjr-wjh1-8fh6
1
url VCID-dhku-uah4-ykh8
vulnerability_id VCID-dhku-uah4-ykh8
summary 
SQL Injection
An SQL injection can occur via user preferences.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2641
reference_id
reference_type
scores
0
value 0.01895
scoring_system epss
scoring_elements 0.8355
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2641
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=349419
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=349419
3
reference_url https://www.exploit-db.com/exploits/41828
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/41828
4
reference_url http://www.securityfocus.com/bid/96977
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96977
5
reference_url http://www.securitytracker.com/id/1038174
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038174
6
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41828.php
reference_id CVE-2017-2641
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/41828.php
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2641
reference_id CVE-2017-2641
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2641
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.19
purl pkg:composer/moodle/moodle@2.7.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-a6pb-47tu-afcg
3
vulnerability VCID-ajkr-fxa1-mkhk
4
vulnerability VCID-bjnq-q2nd-1khp
5
vulnerability VCID-duna-st9c-mqbk
6
vulnerability VCID-eu27-a3px-87ed
7
vulnerability VCID-jcq6-btgz-fkf6
8
vulnerability VCID-k73h-z6j8-gkgz
9
vulnerability VCID-m3np-aebb-8qaa
10
vulnerability VCID-m4zv-e3dn-budf
11
vulnerability VCID-mkfz-e1ft-2bcw
12
vulnerability VCID-nntc-dsz1-e3fp
13
vulnerability VCID-qhv1-wgpm-7fh6
14
vulnerability VCID-r6kn-b963-eqge
15
vulnerability VCID-s6uu-335k-yfbc
16
vulnerability VCID-vfp6-4h8n-bkax
17
vulnerability VCID-w9ca-exua-g7ar
18
vulnerability VCID-x7rg-rsb5-pya7
19
vulnerability VCID-y8up-cqtu-jkdw
20
vulnerability VCID-yghg-775s-vber
21
vulnerability VCID-zjrq-np3y-hua5
22
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.19
1
url pkg:composer/moodle/moodle@3.0.9
purl pkg:composer/moodle/moodle@3.0.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-83kb-4mk9-t7ge
2
vulnerability VCID-9nd7-4wve-97hc
3
vulnerability VCID-a6pb-47tu-afcg
4
vulnerability VCID-ajkr-fxa1-mkhk
5
vulnerability VCID-bjnq-q2nd-1khp
6
vulnerability VCID-duna-st9c-mqbk
7
vulnerability VCID-eu27-a3px-87ed
8
vulnerability VCID-jcq6-btgz-fkf6
9
vulnerability VCID-k73h-z6j8-gkgz
10
vulnerability VCID-m3np-aebb-8qaa
11
vulnerability VCID-m4zv-e3dn-budf
12
vulnerability VCID-mkfz-e1ft-2bcw
13
vulnerability VCID-nntc-dsz1-e3fp
14
vulnerability VCID-qhv1-wgpm-7fh6
15
vulnerability VCID-r6kn-b963-eqge
16
vulnerability VCID-s6uu-335k-yfbc
17
vulnerability VCID-vfp6-4h8n-bkax
18
vulnerability VCID-w9ca-exua-g7ar
19
vulnerability VCID-x7rg-rsb5-pya7
20
vulnerability VCID-y8up-cqtu-jkdw
21
vulnerability VCID-yghg-775s-vber
22
vulnerability VCID-zgzm-wj81-jkah
23
vulnerability VCID-zjrq-np3y-hua5
24
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.9
2
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-8mgr-gdzj-4ybs
5
vulnerability VCID-9nd7-4wve-97hc
6
vulnerability VCID-9t4u-n1pn-w3bd
7
vulnerability VCID-a6pb-47tu-afcg
8
vulnerability VCID-ajkr-fxa1-mkhk
9
vulnerability VCID-b7br-bh2d-rygp
10
vulnerability VCID-bjnq-q2nd-1khp
11
vulnerability VCID-ckg1-9vpt-yfdk
12
vulnerability VCID-deur-8zdf-2kh2
13
vulnerability VCID-duna-st9c-mqbk
14
vulnerability VCID-eu27-a3px-87ed
15
vulnerability VCID-fegs-ubsk-63hu
16
vulnerability VCID-g8ct-c4ce-zuaf
17
vulnerability VCID-jcq6-btgz-fkf6
18
vulnerability VCID-k73h-z6j8-gkgz
19
vulnerability VCID-m3np-aebb-8qaa
20
vulnerability VCID-m4zv-e3dn-budf
21
vulnerability VCID-mkfz-e1ft-2bcw
22
vulnerability VCID-nntc-dsz1-e3fp
23
vulnerability VCID-p2gd-7uam-mqf8
24
vulnerability VCID-q2fa-jymp-c3bb
25
vulnerability VCID-qhv1-wgpm-7fh6
26
vulnerability VCID-qxsq-ku22-r7gx
27
vulnerability VCID-r6kn-b963-eqge
28
vulnerability VCID-s6uu-335k-yfbc
29
vulnerability VCID-vfp6-4h8n-bkax
30
vulnerability VCID-w9ca-exua-g7ar
31
vulnerability VCID-x7rg-rsb5-pya7
32
vulnerability VCID-y8up-cqtu-jkdw
33
vulnerability VCID-yghg-775s-vber
34
vulnerability VCID-yp82-zj5g-pbaf
35
vulnerability VCID-zgzm-wj81-jkah
36
vulnerability VCID-zjrq-np3y-hua5
37
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
3
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-2s6b-tp6p-gue1
2
vulnerability VCID-5rbf-4dz3-2qdz
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-9nd7-4wve-97hc
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-ajkr-fxa1-mkhk
7
vulnerability VCID-b1q7-u3cx-ukej
8
vulnerability VCID-b7br-bh2d-rygp
9
vulnerability VCID-ckg1-9vpt-yfdk
10
vulnerability VCID-duna-st9c-mqbk
11
vulnerability VCID-eu27-a3px-87ed
12
vulnerability VCID-fegs-ubsk-63hu
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-nc2j-pay7-ryab
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-q2fa-jymp-c3bb
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vtq4-fpr8-hudb
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-y8up-cqtu-jkdw
27
vulnerability VCID-yghg-775s-vber
28
vulnerability VCID-yp82-zj5g-pbaf
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2641, GHSA-xhq3-455r-xv44
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhku-uah4-ykh8
2
url VCID-jn5n-6hg9-tyf7
vulnerability_id VCID-jn5n-6hg9-tyf7
summary 
Cross-site Scripting
An XSS can occur via evidence of prior learning.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2644
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52121
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2644
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://github.com/moodle/moodle/commit/ac40d8b589820929fe4201a3f0640414e2b9dabd
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/ac40d8b589820929fe4201a3f0640414e2b9dabd
3
reference_url https://moodle.org/mod/forum/discuss.php?d=349421
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=349421
4
reference_url https://web.archive.org/web/20210124004851/http://www.securityfocus.com/bid/96979
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210124004851/http://www.securityfocus.com/bid/96979
5
reference_url https://web.archive.org/web/20210227004858/http://www.securitytracker.com/id/1038174
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210227004858/http://www.securitytracker.com/id/1038174
6
reference_url http://www.securityfocus.com/bid/96979
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/96979
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2644
reference_id CVE-2017-2644
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2644
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-8mgr-gdzj-4ybs
5
vulnerability VCID-9nd7-4wve-97hc
6
vulnerability VCID-9t4u-n1pn-w3bd
7
vulnerability VCID-a6pb-47tu-afcg
8
vulnerability VCID-ajkr-fxa1-mkhk
9
vulnerability VCID-b7br-bh2d-rygp
10
vulnerability VCID-bjnq-q2nd-1khp
11
vulnerability VCID-ckg1-9vpt-yfdk
12
vulnerability VCID-deur-8zdf-2kh2
13
vulnerability VCID-duna-st9c-mqbk
14
vulnerability VCID-eu27-a3px-87ed
15
vulnerability VCID-fegs-ubsk-63hu
16
vulnerability VCID-g8ct-c4ce-zuaf
17
vulnerability VCID-jcq6-btgz-fkf6
18
vulnerability VCID-k73h-z6j8-gkgz
19
vulnerability VCID-m3np-aebb-8qaa
20
vulnerability VCID-m4zv-e3dn-budf
21
vulnerability VCID-mkfz-e1ft-2bcw
22
vulnerability VCID-nntc-dsz1-e3fp
23
vulnerability VCID-p2gd-7uam-mqf8
24
vulnerability VCID-q2fa-jymp-c3bb
25
vulnerability VCID-qhv1-wgpm-7fh6
26
vulnerability VCID-qxsq-ku22-r7gx
27
vulnerability VCID-r6kn-b963-eqge
28
vulnerability VCID-s6uu-335k-yfbc
29
vulnerability VCID-vfp6-4h8n-bkax
30
vulnerability VCID-w9ca-exua-g7ar
31
vulnerability VCID-x7rg-rsb5-pya7
32
vulnerability VCID-y8up-cqtu-jkdw
33
vulnerability VCID-yghg-775s-vber
34
vulnerability VCID-yp82-zj5g-pbaf
35
vulnerability VCID-zgzm-wj81-jkah
36
vulnerability VCID-zjrq-np3y-hua5
37
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-2s6b-tp6p-gue1
2
vulnerability VCID-5rbf-4dz3-2qdz
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-9nd7-4wve-97hc
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-ajkr-fxa1-mkhk
7
vulnerability VCID-b1q7-u3cx-ukej
8
vulnerability VCID-b7br-bh2d-rygp
9
vulnerability VCID-ckg1-9vpt-yfdk
10
vulnerability VCID-duna-st9c-mqbk
11
vulnerability VCID-eu27-a3px-87ed
12
vulnerability VCID-fegs-ubsk-63hu
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-nc2j-pay7-ryab
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-q2fa-jymp-c3bb
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vtq4-fpr8-hudb
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-y8up-cqtu-jkdw
27
vulnerability VCID-yghg-775s-vber
28
vulnerability VCID-yp82-zj5g-pbaf
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2644, GHSA-93gj-rg98-h7mm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jn5n-6hg9-tyf7
3
url VCID-x927-nh46-7fdy
vulnerability_id VCID-x927-nh46-7fdy
summary 
Cross-site Scripting
In Moodle, an XSS can occur via attachments to evidence of prior learning.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2645
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.52121
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2645
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
2
reference_url https://moodle.org/mod/forum/discuss.php?d=349422
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=349422
3
reference_url http://www.securityfocus.com/bid/96982
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/96982
4
reference_url http://www.securitytracker.com/id/1038174
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1038174
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2645
reference_id CVE-2017-2645
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2645
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.5
purl pkg:composer/moodle/moodle@3.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2s6b-tp6p-gue1
1
vulnerability VCID-336n-hpzg-euhd
2
vulnerability VCID-4rz2-b4e3-87g5
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-8mgr-gdzj-4ybs
5
vulnerability VCID-9nd7-4wve-97hc
6
vulnerability VCID-9t4u-n1pn-w3bd
7
vulnerability VCID-a6pb-47tu-afcg
8
vulnerability VCID-ajkr-fxa1-mkhk
9
vulnerability VCID-b7br-bh2d-rygp
10
vulnerability VCID-bjnq-q2nd-1khp
11
vulnerability VCID-ckg1-9vpt-yfdk
12
vulnerability VCID-deur-8zdf-2kh2
13
vulnerability VCID-duna-st9c-mqbk
14
vulnerability VCID-eu27-a3px-87ed
15
vulnerability VCID-fegs-ubsk-63hu
16
vulnerability VCID-g8ct-c4ce-zuaf
17
vulnerability VCID-jcq6-btgz-fkf6
18
vulnerability VCID-k73h-z6j8-gkgz
19
vulnerability VCID-m3np-aebb-8qaa
20
vulnerability VCID-m4zv-e3dn-budf
21
vulnerability VCID-mkfz-e1ft-2bcw
22
vulnerability VCID-nntc-dsz1-e3fp
23
vulnerability VCID-p2gd-7uam-mqf8
24
vulnerability VCID-q2fa-jymp-c3bb
25
vulnerability VCID-qhv1-wgpm-7fh6
26
vulnerability VCID-qxsq-ku22-r7gx
27
vulnerability VCID-r6kn-b963-eqge
28
vulnerability VCID-s6uu-335k-yfbc
29
vulnerability VCID-vfp6-4h8n-bkax
30
vulnerability VCID-w9ca-exua-g7ar
31
vulnerability VCID-x7rg-rsb5-pya7
32
vulnerability VCID-y8up-cqtu-jkdw
33
vulnerability VCID-yghg-775s-vber
34
vulnerability VCID-yp82-zj5g-pbaf
35
vulnerability VCID-zgzm-wj81-jkah
36
vulnerability VCID-zjrq-np3y-hua5
37
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.5
1
url pkg:composer/moodle/moodle@3.2.2
purl pkg:composer/moodle/moodle@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-2s6b-tp6p-gue1
2
vulnerability VCID-5rbf-4dz3-2qdz
3
vulnerability VCID-83kb-4mk9-t7ge
4
vulnerability VCID-9nd7-4wve-97hc
5
vulnerability VCID-a6pb-47tu-afcg
6
vulnerability VCID-ajkr-fxa1-mkhk
7
vulnerability VCID-b1q7-u3cx-ukej
8
vulnerability VCID-b7br-bh2d-rygp
9
vulnerability VCID-ckg1-9vpt-yfdk
10
vulnerability VCID-duna-st9c-mqbk
11
vulnerability VCID-eu27-a3px-87ed
12
vulnerability VCID-fegs-ubsk-63hu
13
vulnerability VCID-g8ct-c4ce-zuaf
14
vulnerability VCID-jcq6-btgz-fkf6
15
vulnerability VCID-m3np-aebb-8qaa
16
vulnerability VCID-m4zv-e3dn-budf
17
vulnerability VCID-mkfz-e1ft-2bcw
18
vulnerability VCID-nc2j-pay7-ryab
19
vulnerability VCID-nntc-dsz1-e3fp
20
vulnerability VCID-p2gd-7uam-mqf8
21
vulnerability VCID-q2fa-jymp-c3bb
22
vulnerability VCID-qhv1-wgpm-7fh6
23
vulnerability VCID-vtq4-fpr8-hudb
24
vulnerability VCID-w9ca-exua-g7ar
25
vulnerability VCID-x7rg-rsb5-pya7
26
vulnerability VCID-y8up-cqtu-jkdw
27
vulnerability VCID-yghg-775s-vber
28
vulnerability VCID-yp82-zj5g-pbaf
29
vulnerability VCID-zgzm-wj81-jkah
30
vulnerability VCID-zjrq-np3y-hua5
31
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2
aliases CVE-2017-2645, GHSA-9cg4-4f87-jhm3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x927-nh46-7fdy
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2