Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/moodle/moodle@3.4.5
purl pkg:composer/moodle/moodle@3.4.5
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-vfp6-4h8n-bkax Code Injection Moodle is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy `drag and drop into text` (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source. CVE-2018-14630
VCID-x9vd-njdz-jua9 Cross-site Scripting Moodle is vulnerable to a boost theme; the `blog` search GET parameter is insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the `search` parameter. CVE-2018-14631

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:38:15.525715+00:00 GitLab Importer Fixing VCID-vfp6-4h8n-bkax https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-14630.yml 38.6.0
2026-06-02T04:38:15.415906+00:00 GitLab Importer Fixing VCID-x9vd-njdz-jua9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-14631.yml 38.6.0