Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Specialized Software
  • Educational

Educational

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    26 Feb 2025 Specialized Software
    Moodle: Stored Cross-Site Scripting (XSS) in ddimageortext Question Type

    In Moodle versions up to 4.5.2 a low severity vulnerability CVE-2025-26528 was detected. This vulnerability stems from insufficient input sanitization in the ddimageortext question type, allowing attackers to inject malicious scripts that are executed when other users access the affected content. To address this issue, users should upgrade Moodle to versions 4.5.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26528.

    Read more
    Educational
    26 Feb 2025 Specialized Software
    Moodle: Stored Cross-Site Scripting (XSS) in Site Administration Live Log

    In Moodle versions up to 4.1.15, 4.3.9, 4.4.5 and 4.5.1 a high severity vulnerability CVE-2025-26529 was detected. This vulnerability arises from insufficient sanitization of input in the Site Administration Live Log, leading to a stored Cross-Site Scripting (XSS) risk. To address this issue, users should upgrade Moodle to versions 4.1.16, 4.3.10, 4.4.6 or 4.5.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26529.

    Read more
    Educational
    26 Feb 2025 Specialized Software
    Moodle: Reflected Cross-Site Scripting (XSS) in Question Bank Filter

    In Moodle versions up to 4.5.1 a high severity vulnerability CVE-2025-26530 was detected. This vulnerability results from insufficient sanitization in the question bank filter, allowing attackers to craft malicious URLs that execute arbitrary JavaScript in the victim’s browser. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6 or 4.3.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26530.

    Read more
    Educational
    25 Feb 2025 Specialized Software
    Moodle: Arbitrary File Read Vulnerability

    In Moodle versions prior to 4.5.2, 4.4.6, 4.3.10, and 4.1.16 a high severity vulnerability CVE-2025-26525 was detected. This vulnerability allows attackers to exploit insufficient sanitization in the TeX notation filter when pdfTeX is available, leading to arbitrary file read risks on Moodle installations using TeX Live. To address this issue, users should upgrade Moodle to versions 4.5.2, 4.4.6, 4.3.10 or 4.1.16. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-26525.

    Read more
    Educational
    20 Nov 2024 Specialized Software
    Moodle: Vulnerability Allows Unauthorized Access to Report Schedules

    In Moodle versions starting from 0 before 4.1.0, from 4.1.0 before 4.1.14, from 4.2.0 before 4.2.11, from 4.3.0 before 4.3.8, and from 4.4.0 before 4.4.4 a medium severity vulnerability CVE-2024-48901 was detected. This vulnerability allows attackers to access and view the schedule of a report in Moodle without having the necessary permissions to edit it. To fix this issue, users should upgrade Moodle to versions 4.5.0-rc2 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-48901.

    Read more
    Educational
    20 Nov 2024 Specialized Software
    Moodle: Unauthorized User Name Exposure via Messaging Error

    In Moodle versions prior to 4.1.14, from 4.2.0 before 4.2.11, from 4.3.0 before 4.3.8, and from 4.4.0 before 4.4.4 a medium severity vulnerability CVE-2024-48896 was detected. This vulnerability allows users with “send message” rights to see names of other users through an error message, even if they shouldn’t have access. The displayed name follows the site’s configured full-name format. To fix this issue, users need to update to versions 4.1.14, 4.2.11, 4.3.8, or 4.4.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-48896.

    Read more
    Educational
    13 Nov 2024 Specialized Software
    Moodle: XSS Vulnerability in H5P Error Messages

    In Moodle versions 4.1.0 and above, prior to 4.1.12, 4.2.0 and above, prior to 4.2.9, 4.3.0 and above, prior to 4.3.6, 4.4.0 and above, prior to 4.4.2 a medium severity vulnerability CVE-2024-43439 was detected. This vulnerability allows H5P error messages to be exploited for cross-site scripting attacks, requiring improved sanitization. To fix this issue, users need to update to versions 4.1.12, 4.2.9, 4.3.6, 4.4.2, or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43439.

    Read more
    Educational
    13 Nov 2024 Specialized Software
    Moodle: Hidden Profile Fields Exposed in Gradebook

    In Moodle versions 4.4.0 and above, prior to 4.4.2, 4.3.0 and above, prior to 4.3.6, 4.2.0 and above, prior to 4.2.9, 4.1.0 and above, prior to 4.1.12 a medium severity vulnerability CVE-2024-43429 was detected. This vulnerability makes some hidden profile fields visible in gradebook reports. This allows users who shouldn’t see hidden fields to access them. To fix this issue, users need to update to versions 4.4.2, 4.3.6, 4.2.9, 4.1.12, or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-43429.

    Read more
    Educational
    13 Nov 2024 Specialized Software
    Moodle: XSS Risk Due to Insufficient Data Sanitization During Restore

    In Moodle versions 4.4 to 4.4.1, 4.3 to 4.3.5, 4.2 to 4.2.8, 4.1 to 4.1.11 a medium severity vulnerability CVE-2024-43437 was detected. This vulnerability allows attackers to inject malicious scripts into Moodle’s backup restore process, potentially leading to cross-site scripting attacks when users restore maliciously crafted backup files. To fix this issue, users should upgrade Moodle to version 4.4.2, 4.3.6, 4.2.9 and 4.1.12. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-43437.

    Read more
    Educational
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}