A flaw was found in Moodle. Additional restrictions are required to avoid a remote code executi…

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.

The vulnerability was found in Moodle, occurs due to input validation error when importing less…

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in …

Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs b…

An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentional…

A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.…

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.…

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign thems…

Moodle 3.x has Server Side Request Forgery in the filepicker.

In Moodle 2.x and 3.x, SQL injection can occur via user preferences.

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and…

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including…

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4…

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWa…

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.

The vulnerability was found Moodle which exists because the application allows a user to contro…

The vulnerability was found in Moodle, occurs due to improper input validation when parsing Pos…

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before…

A flaw was found in moodle where logic used to count failed login attempts could result in the …

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x be…

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 thr…

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 thr…

moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos cou…

Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote …

Unrestricted file upload vulnerability in the double extension support in the "image" module in…

Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other ve…

SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for M…

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules …

The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2…

The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk.…

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due …

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) librar…

Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient acce…

A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupp…

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle throu…

jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jum…

A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 …

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x be…

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers t…