| purl | pkg:composer/moodle/moodle@3.5.3 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-336n-hpzg-euhd (Aliases: CVE-2019-3808) | Cross-site Scripting: The 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-k73h-z6j8-gkgz (Aliases: CVE-2019-3810) | Information Exposure: The `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-bjnq-q2nd-1khp | Cross-Site Request Forgery (CSRF): The login form is not protected by a token to prevent login cross-site request forgery. | CVE-2018-16854 |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:39:01.914326+00:00 | GitLab Importer | Affected by | VCID-336n-hpzg-euhd | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3808.yml | 38.6.0 |
| 2026-06-02T04:39:01.546691+00:00 | GitLab Importer | Affected by | VCID-k73h-z6j8-gkgz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2019-3810.yml | 38.6.0 |
| 2026-06-02T04:38:38.463981+00:00 | GitLab Importer | Fixing | VCID-bjnq-q2nd-1khp | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2018-16854.yml | 38.6.0 |