Package details: pkg:composer/moodle/moodle@3.2.6
purl pkg:composer/moodle/moodle@3.2.6
Next non-vulnerable version 3.2.9
Latest non-vulnerable version 5.1.2
Risk
Vulnerabilities affecting this package (4)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-ajkr-fxa1-mkhk (Aliases: CVE-2018-1045) | Cross-site Scripting: Moodle is vulnerable to XSS via a calendar event name. | 3.2.7 (affected by 1 other vulnerability); 3.3.4 (affected by 2 other vulnerabilities) |
| VCID-duna-st9c-mqbk (Aliases: CVE-2018-1044) | Information Exposure: In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings. | 3.2.7 (affected by 1 other vulnerability); 3.3.4 (affected by 2 other vulnerabilities); 3.4.1 (affected by 2 other vulnerabilities) |
| VCID-nc2j-pay7-ryab (Aliases: CVE-2018-1043) | Insufficient Access Control: The setting for blocked hosts list can be bypassed with multiple A record hostnames. | 3.2.7 (affected by 1 other vulnerability); 3.3.4 (affected by 2 other vulnerabilities); 3.4.1 (affected by 2 other vulnerabilities) |
| VCID-yghg-775s-vber (Aliases: CVE-2018-1042) | Server-Side Request Forgery (SSRF): Moodle has Server Side Request Forgery in the filepicker. | 3.2.7 (affected by 1 other vulnerability); 3.3.4 (affected by 2 other vulnerabilities); 3.4.1 (affected by 2 other vulnerabilities) |
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
| --- | --- | --- |
| VCID-83kb-4mk9-t7ge | Information Exposure: Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. | CVE-2017-15110 |
| VCID-zgzm-wj81-jkah | Cross-site Scripting: Moodle has an XSS in the contact form on the "non-respondents" page in non-anonymous feedback. | CVE-2017-12156 |