| purl | pkg:composer/moodle/moodle@3.8.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-bbj9-hpz3-xqhh (Aliases: CVE-2021-20279, GHSA-h7h6-fwpv-ggvx) | Cross-site Scripting: The ID number user profile field required additional sanitizing to prevent a stored XSS risk in Moodle. | Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-dpd2-1sqc-qqfy (Aliases: CVE-2021-20281, GHSA-93wh-35r4-6qmw) | Information Exposure: It was possible for some users without permission to view other users' full names to do so via the online users block in Moodle. | Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-gnez-ehgq-rfbr (Aliases: CVE-2021-20282, GHSA-grj4-g57c-9xmv) | Incorrect Authorization: When creating a user account, it was possible to verify the account without having access to the verification email `link/secret` in Moodle. | Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-jcq6-btgz-fkf6 (Aliases: CVE-2021-20183, GHSA-xhfx-rm8q-c3xv) | Cross-site Scripting: It was found in Moodle that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries. | Affected by 6 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-mqde-66zm-qbbj (Aliases: CVE-2021-20283, GHSA-2m72-m5cw-3g9h) | Incorrect Authorization: The web service responsible for fetching other users' enrolled courses does not validate that the requesting user had permission to view that information in each course in Moodle. | Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-pgfa-bkaw-q7cq (Aliases: CVE-2021-20280, GHSA-x2jp-hh65-4xvf) | Cross-site Scripting: Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in Moodle. | Affected by 3 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-mhm4-8kuk-t7b6 | Uncontrolled Resource Consumption: It was found in Moodle that messaging does not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages. | CVE-2021-20185, GHSA-c3j6-33r4-89q3 |
| VCID-mkfz-e1ft-2bcw | Code Injection: It was found in Moodle that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication. | CVE-2021-20187, GHSA-2jrm-gww7-wch2 |
| VCID-nntc-dsz1-e3fp | Cross-site Scripting: It was found in Moodle that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS. | CVE-2021-20186, GHSA-h8m4-h385-qhqv |
| VCID-zwkk-zazw-6fgg | Improper Validation of Integrity Check Value: It was found in Moodle that insufficient capability checks in some grade-related web services meant students were able to view other students' grades. | CVE-2021-20184, GHSA-mm73-86f9-5x5c |