| 0 |
| url |
VCID-2s6b-tp6p-gue1 |
| vulnerability_id |
VCID-2s6b-tp6p-gue1 |
| summary |
Cross-Site Request Forgery (CSRF)
A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10186, GHSA-wv9c-pfpm-4wc5
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2s6b-tp6p-gue1 |
|
| 1 |
| url |
VCID-a6pb-47tu-afcg |
| vulnerability_id |
VCID-a6pb-47tu-afcg |
| summary |
Information Exposure
Moodle is vulnerable to information exposure of service tokens for users enrolled in the same course. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.7.2 |
| purl |
pkg:composer/moodle/moodle@3.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 13 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 14 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 15 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 16 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.2 |
|
|
| aliases |
CVE-2020-1692, GHSA-9328-7pcw-vw69
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-a6pb-47tu-afcg |
|
| 2 |
| url |
VCID-b7br-bh2d-rygp |
| vulnerability_id |
VCID-b7br-bh2d-rygp |
| summary |
Improper Input Validation
An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.3.6 |
| purl |
pkg:composer/moodle/moodle@3.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 2 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 3 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 4 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 5 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 9 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 10 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 11 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 12 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 13 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 14 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 15 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 16 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 17 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.4.3 |
| purl |
pkg:composer/moodle/moodle@3.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-336n-hpzg-euhd |
|
| 2 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 3 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 6 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 7 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 8 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 9 |
| vulnerability |
VCID-k73h-z6j8-gkgz |
|
| 10 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 11 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 12 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 13 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 14 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 15 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 16 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 17 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 18 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 19 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 20 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 21 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 22 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 23 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 24 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3 |
|
|
| aliases |
CVE-2018-1137, GHSA-vxqh-mx28-7ghw
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-b7br-bh2d-rygp |
|
| 3 |
| url |
VCID-ckg1-9vpt-yfdk |
| vulnerability_id |
VCID-ckg1-9vpt-yfdk |
| summary |
Improper Privilege Management
An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.3.6 |
| purl |
pkg:composer/moodle/moodle@3.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 2 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 3 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 4 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 5 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 9 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 10 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 11 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 12 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 13 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 14 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 15 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 16 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 17 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.4.3 |
| purl |
pkg:composer/moodle/moodle@3.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-336n-hpzg-euhd |
|
| 2 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 3 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 6 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 7 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 8 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 9 |
| vulnerability |
VCID-k73h-z6j8-gkgz |
|
| 10 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 11 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 12 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 13 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 14 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 15 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 16 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 17 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 18 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 19 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 20 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 21 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 22 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 23 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 24 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3 |
|
|
| aliases |
CVE-2018-1134, GHSA-xjx9-7c29-pwmm
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg1-9vpt-yfdk |
|
| 4 |
| url |
VCID-eu27-a3px-87ed |
| vulnerability_id |
VCID-eu27-a3px-87ed |
| summary |
Improper Access Control
Teachers in an assignment group could modify group overrides for other groups in the same assignment. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10189, GHSA-h7xp-7fjp-ghhc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-eu27-a3px-87ed |
|
| 5 |
| url |
VCID-fegs-ubsk-63hu |
| vulnerability_id |
VCID-fegs-ubsk-63hu |
| summary |
Information Exposure
An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.3.6 |
| purl |
pkg:composer/moodle/moodle@3.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 2 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 3 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 4 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 5 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 9 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 10 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 11 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 12 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 13 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 14 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 15 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 16 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 17 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.4.3 |
| purl |
pkg:composer/moodle/moodle@3.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-336n-hpzg-euhd |
|
| 2 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 3 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 6 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 7 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 8 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 9 |
| vulnerability |
VCID-k73h-z6j8-gkgz |
|
| 10 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 11 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 12 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 13 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 14 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 15 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 16 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 17 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 18 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 19 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 20 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 21 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 22 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 23 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 24 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3 |
|
|
| aliases |
CVE-2018-1135, GHSA-vxmv-74rf-vqgp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fegs-ubsk-63hu |
|
| 6 |
| url |
VCID-g8ct-c4ce-zuaf |
| vulnerability_id |
VCID-g8ct-c4ce-zuaf |
| summary |
Cross-site Scripting
An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.3.6 |
| purl |
pkg:composer/moodle/moodle@3.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 2 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 3 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 4 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 5 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 9 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 10 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 11 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 12 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 13 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 14 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 15 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 16 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 17 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.4.3 |
| purl |
pkg:composer/moodle/moodle@3.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-336n-hpzg-euhd |
|
| 2 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 3 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 6 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 7 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 8 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 9 |
| vulnerability |
VCID-k73h-z6j8-gkgz |
|
| 10 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 11 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 12 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 13 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 14 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 15 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 16 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 17 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 18 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 19 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 20 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 21 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 22 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 23 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 24 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3 |
|
|
| aliases |
CVE-2018-1136, GHSA-xhfw-wjjc-4j5h
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ct-c4ce-zuaf |
|
| 7 |
|
| 8 |
|
| 9 |
| url |
VCID-m4zv-e3dn-budf |
| vulnerability_id |
VCID-m4zv-e3dn-budf |
| summary |
Improper Access Control
Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.2.8 |
| purl |
pkg:composer/moodle/moodle@3.2.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-b7br-bh2d-rygp |
|
| 3 |
| vulnerability |
VCID-ckg1-9vpt-yfdk |
|
| 4 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 5 |
| vulnerability |
VCID-fegs-ubsk-63hu |
|
| 6 |
| vulnerability |
VCID-g8ct-c4ce-zuaf |
|
| 7 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 8 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 9 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 10 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 11 |
| vulnerability |
VCID-p2gd-7uam-mqf8 |
|
| 12 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 13 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 14 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 15 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 16 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 17 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.3.5 |
| purl |
pkg:composer/moodle/moodle@3.3.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 2 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 3 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 4 |
| vulnerability |
VCID-b7br-bh2d-rygp |
|
| 5 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 6 |
| vulnerability |
VCID-ckg1-9vpt-yfdk |
|
| 7 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 8 |
| vulnerability |
VCID-fegs-ubsk-63hu |
|
| 9 |
| vulnerability |
VCID-g8ct-c4ce-zuaf |
|
| 10 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 11 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 12 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 13 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 14 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 15 |
| vulnerability |
VCID-p2gd-7uam-mqf8 |
|
| 16 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 17 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 18 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 19 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 20 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 23 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.4.2 |
| purl |
pkg:composer/moodle/moodle@3.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-336n-hpzg-euhd |
|
| 2 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 3 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-b7br-bh2d-rygp |
|
| 6 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 7 |
| vulnerability |
VCID-ckg1-9vpt-yfdk |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 10 |
| vulnerability |
VCID-fegs-ubsk-63hu |
|
| 11 |
| vulnerability |
VCID-g8ct-c4ce-zuaf |
|
| 12 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 13 |
| vulnerability |
VCID-k73h-z6j8-gkgz |
|
| 14 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-p2gd-7uam-mqf8 |
|
| 19 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 20 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 21 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 22 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 23 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 24 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 25 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 26 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 27 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 28 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2 |
|
|
| aliases |
CVE-2018-1081, GHSA-v9xq-vh72-chr4
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf |
|
| 10 |
| url |
VCID-mkfz-e1ft-2bcw |
| vulnerability_id |
VCID-mkfz-e1ft-2bcw |
| summary |
Code Injection
It was found in Moodle that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20187, GHSA-2jrm-gww7-wch2
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-mkfz-e1ft-2bcw |
|
| 11 |
| url |
VCID-nntc-dsz1-e3fp |
| vulnerability_id |
VCID-nntc-dsz1-e3fp |
| summary |
Cross-site Scripting
It was found in Moodle that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20186, GHSA-h8m4-h385-qhqv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nntc-dsz1-e3fp |
|
| 12 |
| url |
VCID-p2gd-7uam-mqf8 |
| vulnerability_id |
VCID-p2gd-7uam-mqf8 |
| summary |
Injection Vulnerability
An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.3.6 |
| purl |
pkg:composer/moodle/moodle@3.3.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 2 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 3 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 4 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 5 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 6 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 9 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 10 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 11 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 12 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 13 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 14 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 15 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 16 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 17 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.4.3 |
| purl |
pkg:composer/moodle/moodle@3.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-336n-hpzg-euhd |
|
| 2 |
| vulnerability |
VCID-4rz2-b4e3-87g5 |
|
| 3 |
| vulnerability |
VCID-8mgr-gdzj-4ybs |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bjnq-q2nd-1khp |
|
| 6 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 7 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 8 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 9 |
| vulnerability |
VCID-k73h-z6j8-gkgz |
|
| 10 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 11 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 12 |
| vulnerability |
VCID-mmg3-7fz9-5uak |
|
| 13 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 14 |
| vulnerability |
VCID-qhv1-wgpm-7fh6 |
|
| 15 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 16 |
| vulnerability |
VCID-r6kn-b963-eqge |
|
| 17 |
| vulnerability |
VCID-s6uu-335k-yfbc |
|
| 18 |
| vulnerability |
VCID-vfp6-4h8n-bkax |
|
| 19 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 20 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 21 |
| vulnerability |
VCID-x9vd-njdz-jua9 |
|
| 22 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 23 |
| vulnerability |
VCID-zjrq-np3y-hua5 |
|
| 24 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3 |
|
|
| aliases |
CVE-2018-1133, GHSA-xh2j-q4mc-v522
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gd-7uam-mqf8 |
|
| 13 |
| url |
VCID-qhv1-wgpm-7fh6 |
| vulnerability_id |
VCID-qhv1-wgpm-7fh6 |
| summary |
Improper Authorization
Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.5.5 |
| purl |
pkg:composer/moodle/moodle@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 10 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 11 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 12 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 13 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 14 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 15 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 16 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 17 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 18 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 19 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 20 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 21 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 22 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 23 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 24 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 25 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 26 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 27 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 28 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3849, GHSA-5wg9-5w3f-hxmh
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6 |
|
| 14 |
| url |
VCID-w9ca-exua-g7ar |
| vulnerability_id |
VCID-w9ca-exua-g7ar |
| summary |
Improper Access Control
Teachers in a quiz group could modify group overrides for other groups in the same quiz. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10188, GHSA-92q5-2h76-vgmj
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9ca-exua-g7ar |
|
| 15 |
| url |
VCID-x7rg-rsb5-pya7 |
| vulnerability_id |
VCID-x7rg-rsb5-pya7 |
| summary |
Improper Access Control
Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.5.7 |
| purl |
pkg:composer/moodle/moodle@3.5.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 2 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 3 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 4 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 5 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 8 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 9 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 15 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 16 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 17 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 18 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 19 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 20 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 21 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 22 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.7 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.7.1 |
| purl |
pkg:composer/moodle/moodle@3.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-494p-pmxw-b7e2 |
|
| 4 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 5 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 6 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 7 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 8 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 9 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 10 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 11 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 12 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 13 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 14 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 15 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 16 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 17 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 18 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.1 |
|
|
| aliases |
CVE-2019-10187, GHSA-2mg9-hv69-897x
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x7rg-rsb5-pya7 |
|
| 16 |
| url |
VCID-y8up-cqtu-jkdw |
| vulnerability_id |
VCID-y8up-cqtu-jkdw |
| summary |
Cross-site Scripting
Persistent XSS in `/course/modedit.php` of Moodle allows authenticated users (Teacher) to inject JavaScript into the session of another user (e.g., enrolled student or site administrator) via the `introeditor[text]` parameter. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:composer/moodle/moodle@3.7.3 |
| purl |
pkg:composer/moodle/moodle@3.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 1 |
| vulnerability |
VCID-3uvf-6ztd-xkaf |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-c14d-1sa2-rkf6 |
|
| 6 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 7 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 8 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 9 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 10 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 11 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 12 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 13 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.7.3 |
|
|
| aliases |
CVE-2019-18210, GHSA-q6vw-27c6-jv9c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-y8up-cqtu-jkdw |
|
| 17 |
| url |
VCID-zjrq-np3y-hua5 |
| vulnerability_id |
VCID-zjrq-np3y-hua5 |
| summary |
Information Exposure
Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:composer/moodle/moodle@3.5.5 |
| purl |
pkg:composer/moodle/moodle@3.5.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-3cb4-wz6x-ckcd |
|
| 2 |
| vulnerability |
VCID-42fa-qbft-rfff |
|
| 3 |
| vulnerability |
VCID-56wj-4124-ryd2 |
|
| 4 |
| vulnerability |
VCID-6m19-4krm-2udd |
|
| 5 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 6 |
| vulnerability |
VCID-bbj9-hpz3-xqhh |
|
| 7 |
| vulnerability |
VCID-c1a1-z5m1-nfbc |
|
| 8 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 9 |
| vulnerability |
VCID-dpd2-1sqc-qqfy |
|
| 10 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 11 |
| vulnerability |
VCID-fskk-cb95-uqer |
|
| 12 |
| vulnerability |
VCID-gnez-ehgq-rfbr |
|
| 13 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 14 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 15 |
| vulnerability |
VCID-jcsq-3q5z-4kc6 |
|
| 16 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 17 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 18 |
| vulnerability |
VCID-mhm4-8kuk-t7b6 |
|
| 19 |
| vulnerability |
VCID-mkfz-e1ft-2bcw |
|
| 20 |
| vulnerability |
VCID-mqde-66zm-qbbj |
|
| 21 |
| vulnerability |
VCID-nntc-dsz1-e3fp |
|
| 22 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 23 |
| vulnerability |
VCID-pgfa-bkaw-q7cq |
|
| 24 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 25 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 26 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 27 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 28 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 29 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5 |
|
| 2 |
| url |
pkg:composer/moodle/moodle@3.6.3 |
| purl |
pkg:composer/moodle/moodle@3.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2s6b-tp6p-gue1 |
|
| 1 |
| vulnerability |
VCID-a6pb-47tu-afcg |
|
| 2 |
| vulnerability |
VCID-deur-8zdf-2kh2 |
|
| 3 |
| vulnerability |
VCID-eu27-a3px-87ed |
|
| 4 |
| vulnerability |
VCID-hhzz-hbqz-akfw |
|
| 5 |
| vulnerability |
VCID-jcq6-btgz-fkf6 |
|
| 6 |
| vulnerability |
VCID-kgva-z9gg-u3dw |
|
| 7 |
| vulnerability |
VCID-m3np-aebb-8qaa |
|
| 8 |
| vulnerability |
VCID-n5tc-1k33-dfeq |
|
| 9 |
| vulnerability |
VCID-paj4-nq1r-jbd3 |
|
| 10 |
| vulnerability |
VCID-qxsq-ku22-r7gx |
|
| 11 |
| vulnerability |
VCID-w2b2-fuky-j3ff |
|
| 12 |
| vulnerability |
VCID-w9ca-exua-g7ar |
|
| 13 |
| vulnerability |
VCID-x7rg-rsb5-pya7 |
|
| 14 |
| vulnerability |
VCID-y8up-cqtu-jkdw |
|
| 15 |
| vulnerability |
VCID-zwkk-zazw-6fgg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3 |
|
|
| aliases |
CVE-2019-3848, GHSA-45rw-4r25-jvg7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5 |
|
| 18 |
| url |
VCID-zwkk-zazw-6fgg |
| vulnerability_id |
VCID-zwkk-zazw-6fgg |
| summary |
Improper Validation of Integrity Check Value
It was found in Moodle that a insufficient capability checks in some grade related web services meant students were able to view other students grades. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2021-20184, GHSA-mm73-86f9-5x5c
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zwkk-zazw-6fgg |
|