{"url":"http://public2.vulnerablecode.io/api/packages/62815?format=json","purl":"pkg:composer/moodle/moodle@4.1.0","type":"composer","namespace":"moodle","name":"moodle","version":"4.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.1","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17142?format=json","vulnerability_id":"VCID-1vxe-caqu-kqab","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIf the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28332","reference_id":"","reference_type":"","scores":[{"value":"0.00837","scoring_system":"epss","scoring_elements":"0.74976","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28332"},{"reference_url":"https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445064","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445064"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28332","reference_id":"CVE-2023-28332","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28332"},{"reference_url":"https://github.com/advisories/GHSA-9f45-9qrw-pp4v","reference_id":"GHSA-9f45-9qrw-pp4v","refere
nce_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9f45-9qrw-pp4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28332","GHSA-9f45-9qrw-pp4v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vxe-caqu-kqab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18775?format=json","vulnerability_id":"VCID-3898-265t-1yd5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nWiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5544","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38939","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243443","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243443"},{"reference_url":"https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451585","reference_id":"","reference_type":"","scores":[],"url":"ht
tps://moodle.org/mod/forum/discuss.php?d=451585"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5544","reference_id":"CVE-2023-5544","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5544"},{"reference_url":"https://github.com/advisories/GHSA-j5xf-gv89-g422","reference_id":"GHSA-j5xf-gv89-g422","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j5xf-gv89-g422"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5544","GHSA-j5xf-gv89-g422"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3898-265t-1yd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18783?format=json","vulnerability_id":"VCID-3pgc-yptg-tuaa","summary":"Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nH5P metadata automatically populated the author with the user's username, which could be sensitive 
information.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5545","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51339","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5545"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243444","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243444"},{"reference_url":"https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451586","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451586"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5545","reference_id":"CVE-2023-5545","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5545"},{"reference_url":"https://github.com/advisories/GHSA-26fg-v32r-h663","reference_id":"GHSA-26fg-v32r-h663","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-26fg-v32r-h663"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url"
:"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5545","GHSA-26fg-v32r-h663"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pgc-yptg-tuaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17901?format=json","vulnerability_id":"VCID-4bfr-preb-afas","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nContent on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35131","reference_id":"","reference_type":"","scores":[{"value":"0.00892","scoring_system":"epss","scoring_elements":"0.75906","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35131"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=447829","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=447829"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35131","reference_id":"CVE-2023-35131","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail
/CVE-2023-35131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64507?format=json","purl":"pkg:composer/moodle/moodle@4.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/64508?format=json","purl":"pkg:composer/moodle/moodle@4.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1"}],"aliases":["CVE-2023-35131"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4bfr-preb-afas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17891?format=json","vulnerability_id":"VCID-4k5r-agwn-ruea","summary":"Server-Side Request Forgery (SSRF)\nAn issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. 
This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35133","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60394","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35133"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=447831","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=447831"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35133","reference_id":"CVE-2023-35133","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64507?format=json","purl":"pkg:composer/moodle/moodle@4.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/64508?format=json","purl":"pkg:composer/moodle/moodle@4.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:compo
ser/moodle/moodle@4.2.1"}],"aliases":["CVE-2023-35133"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4k5r-agwn-ruea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18786?format=json","vulnerability_id":"VCID-57pd-ath8-1yf9","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5539","reference_id":"","reference_type":"","scores":[{"value":"0.022","scoring_system":"epss","scoring_elements":"0.847","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5539"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243352","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243352"},{"reference_url":"https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451580","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451580"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5539","reference_id":"CVE-2023-5539","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5539"},{"reference_url":"https://github.com/advisories/GHSA-3xxm-3g3c-w579","reference_id":"GHSA-3xxm-3g3c-w579","reference_ty
pe":"","scores":[],"url":"https://github.com/advisories/GHSA-3xxm-3g3c-w579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5539","GHSA-3xxm-3g3c-w579"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57pd-ath8-1yf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17152?format=json","vulnerability_id":"VCID-5gh4-58jt-dfet","summary":"Moodle may display roles to users who don't have access to them\nThe course participation report required additional checks to prevent roles being displayed which the user does not have access to 
view.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1402","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61377","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1402"},{"reference_url":"https://github.com/moodle/moodle/commit/f0a557bffbdb450648d0e4cedb391d14d8a0a253","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f0a557bffbdb450648d0e4cedb391d14d8a0a253"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f0a557bffbdb450648d0e4cedb391d14d8a0a253","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f0a557bffbdb450648d0e4cedb391d14d8a0a253"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445069","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445069"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1402","reference_id":"CVE-2023-1402","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1402"},{"reference_url":"https://github.com/advisories/GHSA-vj5p-fp42-774p","reference_id":"GHSA-vj5p-fp42-774p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vj5p-fp42-774p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-1402","GHSA-vj5p-fp42-774p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5gh4-58jt-dfet"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18785?format=json","vulnerability_id":"VCID-5v9k-wk4u-uuf9","summary":"
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe course upload preview contained an XSS risk for users uploading unsafe data.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5547","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33706","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5547"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243447","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243447"},{"reference_url":"https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079"},{"reference_url":"https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451588","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451588"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5547","reference_id":"CVE-2023-5547","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5547"},{"reference_url":"https://github.com/advisories/GHSA-9gqp-3g28-w9xc","reference_id":"GHSA-9gqp-3g28-w9xc","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9gqp-3g28-w9xc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages
/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5547","GHSA-9gqp-3g28-w9xc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5v9k-wk4u-uuf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16906?format=json","vulnerability_id":"VCID-91z3-7wza-c7gs","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. 
This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23921","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52371","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23921"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162526","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162526"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=443272#p1782021","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=443272#p1782021"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23921","reference_id":"CVE-2023-23921","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23921"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62819?format=json","purl":"pkg:composer/moodle/moodle@4.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.1"}],"aliases":["CVE-2023-23921"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91z3-7wza-c7gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17140?format=json","vulnerability_id":"VCID-97gg-fuah-jqcq","summary":"Moodle SQL Injection vulnerability\nInsufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and 
managers).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28329","reference_id":"","reference_type":"","scores":[{"value":"0.01296","scoring_system":"epss","scoring_elements":"0.80015","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28329"},{"reference_url":"https://github.com/moodle/moodle/commit/81e74af17f419f7910f81279efecf5c7af09f38d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/81e74af17f419f7910f81279efecf5c7af09f38d"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77046","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77046"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445061","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445061"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28329","reference_id":"CVE-2023-28329","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28329"},{"reference_url":"https://github.com/advisories/GHSA-72w2-j52c-7682","reference_id":"GHSA-72w2-j52c-7682","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-72w2-j52c-7682"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28329","GHSA-72w2-j52c-7682"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97gg-fuah-jqcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18790?format=json","vulnerability_id":"VCID-9rv1-hn65-dbhe","summary":"Improper Neutralization 
of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5540","reference_id":"","reference_type":"","scores":[{"value":"0.022","scoring_system":"epss","scoring_elements":"0.847","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243432","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243432"},{"reference_url":"https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451581","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451581"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5540","reference_id":"CVE-2023-5540","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5540"},{"reference_url":"https://github.com/advisories/GHSA-w8x2-w4qr-v3x4","reference_id":"GHSA-w8x2-w4qr-v3x4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w8x2-w4qr-v3x4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url
":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5540","GHSA-w8x2-w4qr-v3x4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rv1-hn65-dbhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17137?format=json","vulnerability_id":"VCID-a195-b6wc-xkbv","summary":"Moodle arbitrary file read vulnerability\nInsufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28330","reference_id":"","reference_type":"","scores":[{"value":"0.01084","scoring_system":"epss","scoring_elements":"0.78173","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28330"},{"reference_url":"https://github.com/moodle/moodle/commit/493205b6b280633bcbc49d2eaf4f61a52252c26c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/493205b6b280633bcbc49d2eaf4f61a52252c26c"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77204","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77204"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445062","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445062"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28330","reference_id":"CVE-2023-28330","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28330"},{"reference_url":"https://github.com/adv
isories/GHSA-56r9-72vx-q989","reference_id":"GHSA-56r9-72vx-q989","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-56r9-72vx-q989"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28330","GHSA-56r9-72vx-q989"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a195-b6wc-xkbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18789?format=json","vulnerability_id":"VCID-a8pk-18gr-mubw","summary":"Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nSeparate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5551","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22185","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5551"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243453","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243453"},{"reference_url":"https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0"},{"reference_url":"https://github.com/moodle/moodle/commit
/6de45d2c9f7dd7b24210ab0310c296366a82986a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a"},{"reference_url":"https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451592","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451592"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5551","reference_id":"CVE-2023-5551","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5551"},{"reference_url":"https://github.com/advisories/GHSA-jr83-8x65-xcr5","reference_id":"GHSA-jr83-8x65-xcr5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jr83-8x65-xcr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5551","GHSA-jr83-8x65-xcr5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8pk-18gr-mubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17138?format=json","vulnerability_id":"VCID-affq-4sqk-p7ad","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nContent output by the database auto-linking filter 
required additional sanitizing to prevent an XSS risk.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28331","reference_id":"","reference_type":"","scores":[{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.76002","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28331"},{"reference_url":"https://github.com/moodle/moodle/commit/1899e0397350c4c2bb3e73773981f66f16f8f2fc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1899e0397350c4c2bb3e73773981f66f16f8f2fc"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=1899e0397350c4c2bb3e73773981f66f16f8f2fc","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=1899e0397350c4c2bb3e73773981f66f16f8f2fc"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445063","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445063"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28331","reference_id":"CVE-2023-28331","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28331"},{"reference_url":"https://github.com/advisories/GHSA-77jm-f3vj-xvx2","reference_id":"GHSA-77jm-f3vj-xvx2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-77jm-f3vj-xvx2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28331","GHSA-77jm-f3vj-xvx2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-affq-4sqk-p7ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18782?format=jso
n","vulnerability_id":"VCID-aubk-tpgh-z7e2","summary":"Improper Authorization\nWhen duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77795","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77795"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5543","reference_id":"","reference_type":"","scores":[{"value":"0.00088","scoring_system":"epss","scoring_elements":"0.251","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5543"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243442","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243442"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451584","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451584"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5543","reference_id":"CVE-2023-5543","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5543"],"risk_score":null,"exploitability":null,"weighted_severity":null,"re
source_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aubk-tpgh-z7e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16908?format=json","vulnerability_id":"VCID-bvne-5ym9-byaz","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23922","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52371","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23922"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162547","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162547"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=443273#p1782022","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=443273#p1782022"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23922","reference_id":"CVE-2023-23922","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23922"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62819?format=json","purl":"pkg:composer/moodle/moodle@4.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.v
ulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.1"}],"aliases":["CVE-2023-23922"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvne-5ym9-byaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17532?format=json","vulnerability_id":"VCID-cmz4-8t2n-27ef","summary":"Moodle External Control of File Name or Path vulnerability\nThe vulnerability was found in Moodle and exists because the application allows a user to control the path of the folder to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30943","reference_id":"","reference_type":"","scores":[{"value":"0.26507","scoring_system":"epss","scoring_elements":"0.96417","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30943"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188605","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188605"},{"reference_url":"https://github.com/moodle/moodle/commit/59d42e1ed23f916dcb47d53c745bef18a116d800","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/59d42e1ed23f916dcb47d53c745bef18a116d800"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=446285","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=446285"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30943","reference_id":"CVE-2023-30943","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023
-30943"},{"reference_url":"https://github.com/advisories/GHSA-22gj-8qj2-fj46","reference_id":"GHSA-22gj-8qj2-fj46","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-22gj-8qj2-fj46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63865?format=json","purl":"pkg:composer/moodle/moodle@4.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.3"}],"aliases":["CVE-2023-30943","GHSA-22gj-8qj2-fj46"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmz4-8t2n-27ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18777?format=json","vulnerability_id":"VCID-cpxg-pzcj-73gn","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe 
content.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5541","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33706","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5541"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243437","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243437"},{"reference_url":"https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451582","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451582"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5541","reference_id":"CVE-2023-5541","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5541"},{"reference_url":"https://github.com/advisories/GHSA-28gc-4qq5-8q26","reference_id":"GHSA-28gc-4qq5-8q26","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-28gc-4qq5-8q26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"ht
tp://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5541","GHSA-28gc-4qq5-8q26"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpxg-pzcj-73gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18781?format=json","vulnerability_id":"VCID-fb4d-p8pw-yka4","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nIn a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5550","reference_id":"","reference_type":"","scores":[{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81264","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5550"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243452","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243452"},{"reference_url":"https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451591","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451591"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5550","reference_id":"CVE-2023-5550","re
ference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5550"},{"reference_url":"https://github.com/advisories/GHSA-5cvx-cwpx-9rjh","reference_id":"GHSA-5cvx-cwpx-9rjh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5cvx-cwpx-9rjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5550","GHSA-5cvx-cwpx-9rjh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fb4d-p8pw-yka4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18787?format=json","vulnerability_id":"VCID-gqwn-qskg-qbc7","summary":"Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability\nStronger revision number limitations were required on file serving endpoints to improve cache poisoning 
protection.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5548","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51338","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5548"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243449","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243449"},{"reference_url":"https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451589","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451589"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5548","reference_id":"CVE-2023-5548","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5548"},{"reference_url":"https://github.com/advisories/GHSA-cwh2-q44x-5w3c","reference_id":"GHSA-cwh2-q44x-5w3c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cwh2-q44x-5w3c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5548","GHSA-cwh2-q44x-5w3c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqwn-qskg-qbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17886?format=json","vulnerability_id":"VCID-jc4y-cpn8-6kgs","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nA limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35132","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.4914","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35132"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=447830","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=447830"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35132","reference_id":"CVE-2023-35132","reference_type":"","scores":
[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35132"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64507?format=json","purl":"pkg:composer/moodle/moodle@4.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/64508?format=json","purl":"pkg:composer/moodle/moodle@4.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1"}],"aliases":["CVE-2023-35132"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jc4y-cpn8-6kgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17150?format=json","vulnerability_id":"VCID-nr96-4dtm-kbf9","summary":"Moodle may allow authenticated users to enumerate other user's names via learning plans page\nAuthenticated users were able to enumerate other users' names via the learning plans 
page.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28334","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51327","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28334"},{"reference_url":"https://github.com/moodle/moodle/commit/0e3c8eb740e1e49a62a5f452cda7e06258712bbf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0e3c8eb740e1e49a62a5f452cda7e06258712bbf"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commit;h=0e3c8eb740e1e49a62a5f452cda7e06258712bbf","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commit;h=0e3c8eb740e1e49a62a5f452cda7e06258712bbf"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445066","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445066"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28334","reference_id":"CVE-2023-28334","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28334"},{"reference_url":"https://github.com/advisories/GHSA-hh52-g5c4-wprh","reference_id":"GHSA-hh52-g5c4-wprh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hh52-g5c4-wprh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28334","GHSA-hh52-g5c4-wprh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nr96-4dtm-kbf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18784?format=json","vulnerability_id":"VCID-p9vn-r312-1beg","summary":"Mo
odle Improper Access Control vulnerability\nInsufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they do not have the capability to manage.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5549","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49143","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5549"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243451","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243451"},{"reference_url":"https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451590","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451590"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5549","reference_id":"CVE-2023-5549","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5549"},{"reference_url":"https://github.com/advisories/GHSA-fm5h-58g2-4m3f","reference_id":"GHSA-fm5h-58g2-4m3f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fm5h-58g2-4m3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:compos
er/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5549","GHSA-fm5h-58g2-4m3f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9vn-r312-1beg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18780?format=json","vulnerability_id":"VCID-qmcu-uyur-r7bg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5546","reference_id":"","reference_type":"","scores":[{"value":"0.02379","scoring_system":"epss","scoring_elements":"0.8525","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5546"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243445","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243445"},{"reference_url":"https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451587","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=451587"},{"reference_url":"https://nvd.nist.gov/vuln/
detail/CVE-2023-5546","reference_id":"CVE-2023-5546","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5546"},{"reference_url":"https://github.com/advisories/GHSA-9724-h8p7-r3jv","reference_id":"GHSA-9724-h8p7-r3jv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9724-h8p7-r3jv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"}],"aliases":["CVE-2023-5546","GHSA-9724-h8p7-r3jv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmcu-uyur-r7bg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17143?format=json","vulnerability_id":"VCID-rb6y-r3se-jya9","summary":"Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input\nThe Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This does not appear to be implemented/exploitable anywhere in the core Moodle 
LMS).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28333","reference_id":"","reference_type":"","scores":[{"value":"0.01064","scoring_system":"epss","scoring_elements":"0.77972","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28333"},{"reference_url":"https://github.com/moodle/moodle/commit/128c0c21607a71f411611a0104b2a8c858dd6fca","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/128c0c21607a71f411611a0104b2a8c858dd6fca"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=128c0c21607a71f411611a0104b2a8c858dd6fca","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=128c0c21607a71f411611a0104b2a8c858dd6fca"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445065","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445065"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28333","reference_id":"CVE-2023-28333","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28333"},{"reference_url":"https://github.com/advisories/GHSA-q2x3-2f9g-h559","reference_id":"GHSA-q2x3-2f9g-h559","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q2x3-2f9g-h559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28333","GHSA-q2x3-2f9g-h559"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rb6y-r3se-jya9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17533?format=json","vulnerability_id":"VCID-s3wm-bype-73bh","summ
ary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nThe vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77187"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30944","reference_id":"","reference_type":"","scores":[{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.7813","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-30944"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188606","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2188606"},{"reference_url":"https://github.com/moodle/moodle/commit/5521d1d6e8bb8bebb76ad8154095f6b18ea26e7f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5521d1d6e8bb8bebb76ad8154095f6b18ea26e7f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=446286","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=446286"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30944","reference_id":"CVE-2023-30944","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-30944"},{"reference_url":"https://github.com/advisories/GHSA-7mmc-22g7-3xq2","reference_id":"GHSA-7mmc-22g7-3xq2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7mmc-22g7-3xq2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63865?for
mat=json","purl":"pkg:composer/moodle/moodle@4.1.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.3"}],"aliases":["CVE-2023-30944","GHSA-7mmc-22g7-3xq2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3wm-bype-73bh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17134?format=json","vulnerability_id":"VCID-u1r6-67qc-37cg","summary":"Cross-Site Request Forgery (CSRF)\nThe link to reset all templates of a database activity does not include the necessary token to prevent a CSRF risk.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28335","reference_id":"","reference_type":"","scores":[{"value":"0.0037","scoring_system":"epss","scoring_elements":"0.59129","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28335"},{"reference_url":"https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445067","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445067"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28335","reference_id":"CVE-2023-28335","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28335"},{"reference_url":"https://github.com/advisories/GHSA-wxmq-v9gx-75pg","reference_id":"GHSA-wxmq-v9gx-75pg","reference_type":"","sc
ores":[],"url":"https://github.com/advisories/GHSA-wxmq-v9gx-75pg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28335","GHSA-wxmq-v9gx-75pg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1r6-67qc-37cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17144?format=json","vulnerability_id":"VCID-v9pe-asg8-37hv","summary":"Moodle may allow teachers to access the names of users they could not otherwise access\nInsufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28336","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61377","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28336"},{"reference_url":"https://github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a931a7f8cec3657827268837b27962a13817ca2b"},{"reference_url":"https://git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b","reference_id":"","reference_type":"","scores":[],"url":"https://git.moodle.org/gw?p=moodle.git;a=commit;h=a931a7f8cec3657827268837b27962a13817ca2b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=445068","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=445068"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28336","reference_id":"CVE-2023-28336"
,"reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28336"},{"reference_url":"https://github.com/advisories/GHSA-prjm-2fj2-787f","reference_id":"GHSA-prjm-2fj2-787f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-prjm-2fj2-787f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63204?format=json","purl":"pkg:composer/moodle/moodle@4.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.2"}],"aliases":["CVE-2023-28336","GHSA-prjm-2fj2-787f"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9pe-asg8-37hv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16909?format=json","vulnerability_id":"VCID-zhhy-m421-nffk","summary":"Improper Access Control\nThe vulnerability was found in Moodle which exists due to insufficient limitations on the \"start page\" preference. A remote attacker can set that preference for another user. 
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23923","reference_id":"","reference_type":"","scores":[{"value":"0.00319","scoring_system":"epss","scoring_elements":"0.55266","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-23923"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162549","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2162549"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=443274#p1782023","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=443274#p1782023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23923","reference_id":"CVE-2023-23923","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-23923"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62819?format=json","purl":"pkg:composer/moodle/moodle@4.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.1"}],"aliases":["CVE-2023-23923"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zhhy-m421-nffk"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0"}