Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62815?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62815?format=api", "purl": "pkg:composer/moodle/moodle@4.1.0", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "4.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.1", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17142?format=api", "vulnerability_id": "VCID-1vxe-caqu-kqab", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIf the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28332", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00837", "scoring_system": "epss", "scoring_elements": "0.74976", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28332" }, { "reference_url": "https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445064", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445064" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28332", "reference_id": "CVE-2023-28332", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28332" }, { "reference_url": "https://github.com/advisories/GHSA-9f45-9qrw-pp4v", "reference_id": "GHSA-9f45-9qrw-pp4v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9f45-9qrw-pp4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28332", "GHSA-9f45-9qrw-pp4v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1vxe-caqu-kqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18775?format=api", "vulnerability_id": "VCID-3898-265t-1yd5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nWiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38939", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243443" }, { "reference_url": "https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451585" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5544", "reference_id": "CVE-2023-5544", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5544" }, { "reference_url": "https://github.com/advisories/GHSA-j5xf-gv89-g422", "reference_id": "GHSA-j5xf-gv89-g422", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j5xf-gv89-g422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5544", "GHSA-j5xf-gv89-g422" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3898-265t-1yd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18783?format=api", "vulnerability_id": "VCID-3pgc-yptg-tuaa", "summary": "Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nH5P metadata automatically populated the author with the user's username, which could be sensitive information.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51339", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5545" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243444" }, { "reference_url": "https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451586" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5545", "reference_id": "CVE-2023-5545", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5545" }, { "reference_url": "https://github.com/advisories/GHSA-26fg-v32r-h663", "reference_id": "GHSA-26fg-v32r-h663", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-26fg-v32r-h663" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5545", "GHSA-26fg-v32r-h663" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pgc-yptg-tuaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17901?format=api", "vulnerability_id": "VCID-4bfr-preb-afas", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nContent on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00892", "scoring_system": "epss", "scoring_elements": "0.75906", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35131" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=447829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=447829" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35131", "reference_id": "CVE-2023-35131", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35131" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64507?format=api", "purl": "pkg:composer/moodle/moodle@4.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64508?format=api", "purl": "pkg:composer/moodle/moodle@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1" } ], "aliases": [ "CVE-2023-35131" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4bfr-preb-afas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17891?format=api", "vulnerability_id": "VCID-4k5r-agwn-ruea", "summary": "Server-Side Request Forgery (SSRF)\nAn issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60394", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35133" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=447831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=447831" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35133", "reference_id": "CVE-2023-35133", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64507?format=api", "purl": "pkg:composer/moodle/moodle@4.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64508?format=api", "purl": "pkg:composer/moodle/moodle@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1" } ], "aliases": [ "CVE-2023-35133" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4k5r-agwn-ruea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18786?format=api", "vulnerability_id": "VCID-57pd-ath8-1yf9", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.022", "scoring_system": "epss", "scoring_elements": "0.847", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243352" }, { "reference_url": "https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451580", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451580" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5539", "reference_id": "CVE-2023-5539", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5539" }, { "reference_url": "https://github.com/advisories/GHSA-3xxm-3g3c-w579", "reference_id": "GHSA-3xxm-3g3c-w579", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3xxm-3g3c-w579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5539", "GHSA-3xxm-3g3c-w579" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57pd-ath8-1yf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17152?format=api", "vulnerability_id": "VCID-5gh4-58jt-dfet", "summary": "Moodle may display roles to users who don't have access to them\nThe course participation report required additional checks to prevent roles being displayed which the user does not have access to view.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61377", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-1402" }, { "reference_url": "https://github.com/moodle/moodle/commit/f0a557bffbdb450648d0e4cedb391d14d8a0a253", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f0a557bffbdb450648d0e4cedb391d14d8a0a253" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f0a557bffbdb450648d0e4cedb391d14d8a0a253", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f0a557bffbdb450648d0e4cedb391d14d8a0a253" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445069", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445069" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1402", "reference_id": "CVE-2023-1402", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1402" }, { "reference_url": "https://github.com/advisories/GHSA-vj5p-fp42-774p", "reference_id": "GHSA-vj5p-fp42-774p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vj5p-fp42-774p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-1402", "GHSA-vj5p-fp42-774p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5gh4-58jt-dfet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18785?format=api", "vulnerability_id": "VCID-5v9k-wk4u-uuf9", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe course upload preview contained an XSS risk for users uploading unsafe data.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5547", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33706", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5547" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243447" }, { "reference_url": "https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079" }, { "reference_url": "https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451588", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451588" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5547", "reference_id": "CVE-2023-5547", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5547" }, { "reference_url": "https://github.com/advisories/GHSA-9gqp-3g28-w9xc", "reference_id": "GHSA-9gqp-3g28-w9xc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9gqp-3g28-w9xc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5547", "GHSA-9gqp-3g28-w9xc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5v9k-wk4u-uuf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16906?format=api", "vulnerability_id": "VCID-91z3-7wza-c7gs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52371", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23921" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162526", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162526" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=443272#p1782021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=443272#p1782021" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23921", "reference_id": "CVE-2023-23921", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23921" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62819?format=api", "purl": "pkg:composer/moodle/moodle@4.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.1" } ], "aliases": [ "CVE-2023-23921" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91z3-7wza-c7gs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17140?format=api", "vulnerability_id": "VCID-97gg-fuah-jqcq", "summary": "Moodle SQL Injection vulnerability\nInsufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28329", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01296", "scoring_system": "epss", "scoring_elements": "0.80015", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28329" }, { "reference_url": "https://github.com/moodle/moodle/commit/81e74af17f419f7910f81279efecf5c7af09f38d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/81e74af17f419f7910f81279efecf5c7af09f38d" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77046" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445061", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445061" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28329", "reference_id": "CVE-2023-28329", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28329" }, { "reference_url": "https://github.com/advisories/GHSA-72w2-j52c-7682", "reference_id": "GHSA-72w2-j52c-7682", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-72w2-j52c-7682" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28329", "GHSA-72w2-j52c-7682" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-97gg-fuah-jqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18790?format=api", "vulnerability_id": "VCID-9rv1-hn65-dbhe", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.022", "scoring_system": "epss", "scoring_elements": "0.847", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5540" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243432" }, { "reference_url": "https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451581" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5540", "reference_id": "CVE-2023-5540", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5540" }, { "reference_url": "https://github.com/advisories/GHSA-w8x2-w4qr-v3x4", "reference_id": "GHSA-w8x2-w4qr-v3x4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w8x2-w4qr-v3x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5540", "GHSA-w8x2-w4qr-v3x4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rv1-hn65-dbhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17137?format=api", "vulnerability_id": "VCID-a195-b6wc-xkbv", "summary": "Moodle arbitrary file read vulnerability\nInsufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01084", "scoring_system": "epss", "scoring_elements": "0.78173", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28330" }, { "reference_url": "https://github.com/moodle/moodle/commit/493205b6b280633bcbc49d2eaf4f61a52252c26c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/493205b6b280633bcbc49d2eaf4f61a52252c26c" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77204" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445062" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28330", "reference_id": "CVE-2023-28330", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28330" }, { "reference_url": "https://github.com/advisories/GHSA-56r9-72vx-q989", "reference_id": "GHSA-56r9-72vx-q989", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-56r9-72vx-q989" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28330", "GHSA-56r9-72vx-q989" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a195-b6wc-xkbv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18789?format=api", "vulnerability_id": "VCID-a8pk-18gr-mubw", "summary": "Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nSeparate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5551", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22185", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5551" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453" }, { "reference_url": "https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0" }, { "reference_url": "https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a" }, { "reference_url": "https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451592", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451592" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5551", "reference_id": "CVE-2023-5551", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5551" }, { "reference_url": "https://github.com/advisories/GHSA-jr83-8x65-xcr5", "reference_id": "GHSA-jr83-8x65-xcr5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jr83-8x65-xcr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5551", "GHSA-jr83-8x65-xcr5" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8pk-18gr-mubw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17138?format=api", "vulnerability_id": "VCID-affq-4sqk-p7ad", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nContent output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28331", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.76002", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28331" }, { "reference_url": "https://github.com/moodle/moodle/commit/1899e0397350c4c2bb3e73773981f66f16f8f2fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1899e0397350c4c2bb3e73773981f66f16f8f2fc" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=1899e0397350c4c2bb3e73773981f66f16f8f2fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=1899e0397350c4c2bb3e73773981f66f16f8f2fc" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445063" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28331", "reference_id": "CVE-2023-28331", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28331" }, { "reference_url": "https://github.com/advisories/GHSA-77jm-f3vj-xvx2", "reference_id": "GHSA-77jm-f3vj-xvx2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-77jm-f3vj-xvx2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28331", "GHSA-77jm-f3vj-xvx2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-affq-4sqk-p7ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18782?format=api", "vulnerability_id": "VCID-aubk-tpgh-z7e2", "summary": "Improper Authorization\nWhen duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77795", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77795" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.251", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5543" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243442" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451584", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451584" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5543", "reference_id": "CVE-2023-5543", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5543" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5543" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aubk-tpgh-z7e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16908?format=api", "vulnerability_id": "VCID-bvne-5ym9-byaz", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52371", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23922" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162547" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=443273#p1782022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=443273#p1782022" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23922", "reference_id": "CVE-2023-23922", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23922" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62819?format=api", "purl": "pkg:composer/moodle/moodle@4.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.1" } ], "aliases": [ "CVE-2023-23922" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvne-5ym9-byaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17532?format=api", "vulnerability_id": "VCID-cmz4-8t2n-27ef", "summary": "Moodle External Control of File Name or Path vulnerability\nThe vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26507", "scoring_system": "epss", "scoring_elements": "0.96417", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30943" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188605" }, { "reference_url": "https://github.com/moodle/moodle/commit/59d42e1ed23f916dcb47d53c745bef18a116d800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/59d42e1ed23f916dcb47d53c745bef18a116d800" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=446285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=446285" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30943", "reference_id": "CVE-2023-30943", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30943" }, { "reference_url": "https://github.com/advisories/GHSA-22gj-8qj2-fj46", "reference_id": "GHSA-22gj-8qj2-fj46", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-22gj-8qj2-fj46" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63865?format=api", "purl": "pkg:composer/moodle/moodle@4.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.3" } ], "aliases": [ "CVE-2023-30943", "GHSA-22gj-8qj2-fj46" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmz4-8t2n-27ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18777?format=api", "vulnerability_id": "VCID-cpxg-pzcj-73gn", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33706", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5541" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243437" }, { "reference_url": "https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451582", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451582" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5541", "reference_id": "CVE-2023-5541", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5541" }, { "reference_url": "https://github.com/advisories/GHSA-28gc-4qq5-8q26", "reference_id": "GHSA-28gc-4qq5-8q26", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-28gc-4qq5-8q26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5541", "GHSA-28gc-4qq5-8q26" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpxg-pzcj-73gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18781?format=api", "vulnerability_id": "VCID-fb4d-p8pw-yka4", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nIn a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81264", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5550" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243452" }, { "reference_url": "https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451591", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451591" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5550", "reference_id": "CVE-2023-5550", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5550" }, { "reference_url": "https://github.com/advisories/GHSA-5cvx-cwpx-9rjh", "reference_id": "GHSA-5cvx-cwpx-9rjh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5cvx-cwpx-9rjh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5550", "GHSA-5cvx-cwpx-9rjh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fb4d-p8pw-yka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18787?format=api", "vulnerability_id": "VCID-gqwn-qskg-qbc7", "summary": "Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability\nStronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51338", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5548" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243449", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243449" }, { "reference_url": "https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451589", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451589" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5548", "reference_id": "CVE-2023-5548", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5548" }, { "reference_url": "https://github.com/advisories/GHSA-cwh2-q44x-5w3c", "reference_id": "GHSA-cwh2-q44x-5w3c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cwh2-q44x-5w3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5548", "GHSA-cwh2-q44x-5w3c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqwn-qskg-qbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17886?format=api", "vulnerability_id": "VCID-jc4y-cpn8-6kgs", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nA limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35132", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.4914", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35132" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=447830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=447830" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35132", "reference_id": "CVE-2023-35132", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35132" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/64507?format=api", "purl": "pkg:composer/moodle/moodle@4.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/64508?format=api", "purl": "pkg:composer/moodle/moodle@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1" } ], "aliases": [ "CVE-2023-35132" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jc4y-cpn8-6kgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17150?format=api", "vulnerability_id": "VCID-nr96-4dtm-kbf9", "summary": "Moodle may allow authenticated users to enumerate other user's names via learning plans page\nAuthenticated users were able to enumerate other users' names via the learning plans page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28334", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51327", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28334" }, { "reference_url": "https://github.com/moodle/moodle/commit/0e3c8eb740e1e49a62a5f452cda7e06258712bbf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0e3c8eb740e1e49a62a5f452cda7e06258712bbf" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git;a=commit;h=0e3c8eb740e1e49a62a5f452cda7e06258712bbf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git;a=commit;h=0e3c8eb740e1e49a62a5f452cda7e06258712bbf" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445066" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28334", "reference_id": "CVE-2023-28334", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28334" }, { "reference_url": "https://github.com/advisories/GHSA-hh52-g5c4-wprh", "reference_id": "GHSA-hh52-g5c4-wprh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hh52-g5c4-wprh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28334", "GHSA-hh52-g5c4-wprh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nr96-4dtm-kbf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18784?format=api", "vulnerability_id": "VCID-p9vn-r312-1beg", "summary": "Moodle Improper Access Control vulnerability\nInsufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they does not have the capability to manage.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49143", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5549" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243451", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243451" }, { "reference_url": "https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451590", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451590" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5549", "reference_id": "CVE-2023-5549", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5549" }, { "reference_url": "https://github.com/advisories/GHSA-fm5h-58g2-4m3f", "reference_id": "GHSA-fm5h-58g2-4m3f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fm5h-58g2-4m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5549", "GHSA-fm5h-58g2-4m3f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9vn-r312-1beg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18780?format=api", "vulnerability_id": "VCID-qmcu-uyur-r7bg", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02379", "scoring_system": "epss", "scoring_elements": "0.8525", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5546" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445" }, { "reference_url": "https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=451587" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5546", "reference_id": "CVE-2023-5546", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5546" }, { "reference_url": "https://github.com/advisories/GHSA-9724-h8p7-r3jv", "reference_id": "GHSA-9724-h8p7-r3jv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9724-h8p7-r3jv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" } ], "aliases": [ "CVE-2023-5546", "GHSA-9724-h8p7-r3jv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmcu-uyur-r7bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17143?format=api", "vulnerability_id": "VCID-rb6y-r3se-jya9", "summary": "Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input\nThe Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This does not appear to be implemented/exploitable anywhere in the core Moodle LMS).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01064", "scoring_system": "epss", "scoring_elements": "0.77972", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28333" }, { "reference_url": "https://github.com/moodle/moodle/commit/128c0c21607a71f411611a0104b2a8c858dd6fca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/128c0c21607a71f411611a0104b2a8c858dd6fca" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=128c0c21607a71f411611a0104b2a8c858dd6fca", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=128c0c21607a71f411611a0104b2a8c858dd6fca" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445065" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28333", "reference_id": "CVE-2023-28333", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28333" }, { "reference_url": "https://github.com/advisories/GHSA-q2x3-2f9g-h559", "reference_id": "GHSA-q2x3-2f9g-h559", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-q2x3-2f9g-h559" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28333", "GHSA-q2x3-2f9g-h559" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rb6y-r3se-jya9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17533?format=api", "vulnerability_id": "VCID-s3wm-bype-73bh", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThe vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.7813", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30944" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188606" }, { "reference_url": "https://github.com/moodle/moodle/commit/5521d1d6e8bb8bebb76ad8154095f6b18ea26e7f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5521d1d6e8bb8bebb76ad8154095f6b18ea26e7f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=446286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=446286" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30944", "reference_id": "CVE-2023-30944", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30944" }, { "reference_url": "https://github.com/advisories/GHSA-7mmc-22g7-3xq2", "reference_id": "GHSA-7mmc-22g7-3xq2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7mmc-22g7-3xq2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63865?format=api", "purl": "pkg:composer/moodle/moodle@4.1.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.3" } ], "aliases": [ "CVE-2023-30944", "GHSA-7mmc-22g7-3xq2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3wm-bype-73bh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17134?format=api", "vulnerability_id": "VCID-u1r6-67qc-37cg", "summary": "Cross-Site Request Forgery (CSRF)\nThe link to reset all templates of a database activity does not include the necessary token to prevent a CSRF risk.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0037", "scoring_system": "epss", "scoring_elements": "0.59129", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28335" }, { "reference_url": "https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445067", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445067" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28335", "reference_id": "CVE-2023-28335", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28335" }, { "reference_url": "https://github.com/advisories/GHSA-wxmq-v9gx-75pg", "reference_id": "GHSA-wxmq-v9gx-75pg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wxmq-v9gx-75pg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28335", "GHSA-wxmq-v9gx-75pg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1r6-67qc-37cg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17144?format=api", "vulnerability_id": "VCID-v9pe-asg8-37hv", "summary": "Moodle may allow teachers to access the names of users they could not otherwise access\nInsufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28336", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00407", "scoring_system": "epss", "scoring_elements": "0.61377", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28336" }, { "reference_url": "https://github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b" }, { "reference_url": "https://git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=445068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=445068" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28336", "reference_id": "CVE-2023-28336", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28336" }, { "reference_url": "https://github.com/advisories/GHSA-prjm-2fj2-787f", "reference_id": "GHSA-prjm-2fj2-787f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-prjm-2fj2-787f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63204?format=api", "purl": "pkg:composer/moodle/moodle@4.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2" } ], "aliases": [ "CVE-2023-28336", "GHSA-prjm-2fj2-787f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v9pe-asg8-37hv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16909?format=api", "vulnerability_id": "VCID-zhhy-m421-nffk", "summary": "Improper Access Control\nThe vulnerability was found Moodle which exists due to insufficient limitations on the \"start page\" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.55266", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23923" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162549", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2162549" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=443274#p1782023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=443274#p1782023" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23923", "reference_id": "CVE-2023-23923", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23923" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62819?format=api", "purl": "pkg:composer/moodle/moodle@4.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.1" } ], "aliases": [ "CVE-2023-23923" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zhhy-m421-nffk" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0" }