In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-03-06
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-06
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
CVSS Score
5.3
EPSS Score
0.005
Published
2023-03-06
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.009
Published
2023-03-06
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
CVSS Score
5.4
EPSS Score
0.008
Published
2023-03-06
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
CVSS Score
5.3
EPSS Score
0.002
Published
2023-03-06
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-03-06
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
CVSS Score
9.8
EPSS Score
0.268
Published
2023-03-06
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVSS Score
9.8
EPSS Score
0.207
Published
2023-03-06