A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2021-11-22 | Updated: 2022-12-21
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
Max CVSS: 5.4 | EPSS Score: 0.07% | Published: 2021-06-16 | Updated: 2021-06-21
Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Max CVSS: 5.4 | EPSS Score: 0.28% | Published: 2021-03-15 | Updated: 2021-11-30
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
Max CVSS: 5.4 | EPSS Score: 0.08% | Published: 2021-03-15 | Updated: 2021-03-23
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
Max CVSS: 5.4 | EPSS Score: 0.05% | Published: 2021-01-28 | Updated: 2021-02-01
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
Max CVSS: 5.4 | EPSS Score: 0.08% | Published: 2021-01-28 | Updated: 2021-02-01
6 vulnerabilities found