Search CVE reports
121 – 130 of 637 results
The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation |