In Moodle versions 4.4 to 4.4.1, 4.3 to 4.3.5, 4.2 to 4.2.8, 4.1 to 4.1.11 a medium severity vulnerability CVE-2024-43437 was detected. This vulnerability allows attackers to inject malicious scripts into Moodle’s backup restore process, potentially leading to cross-site scripting attacks when users restore maliciously crafted backup files. To fix this issue, users should upgrade Moodle to version 4.4.2, 4.3.6, 4.2.9 and 4.1.12. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-43437.
Read more EducationalIn Virtual Programming Lab for Moodle versions up to v4.2.3 a medium severity vulnerability CVE-2024-34312 was detected. This issue allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access or manipulation of user data. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34312.
Read more EducationalIn Moodle versions 4.4, 4.3 to 4.3.4, 4.2 to 4.2.7, and 4.1 to 4.1.10 a medium severity vulnerability, CVE-2024-38273, was detected. Affected versions of this package are vulnerable to improper access control due to insufficient checks, which can allow an attacker to gain unauthorized access to sensitive meeting URLs. To fix this issue, users need to upgrade Moodle to version 4.1.11, 4.2.8, 4.3.5, 4.4.1, or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38273.
Read more EducationalIn Moodle a low severity vulnerability CVE-2024-38275 was detected. Due to the flaw, sensitive authorization information could be mistakenly sent to different websites during redirects. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38275/.
Read more EducationalIn Moodle a low severity vulnerability CVE-2024-38274 was detected. This issue allows harmful code to be stored in calendar event titles, posing a risk when deleting events due to improper handling of user input. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38274/.
Read more EducationalIn Moodle a low severity vulnerability CVE-2024-38276 was detected. This vulnerability allows attackers to steal sensitive data from users. There is no fix to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38276/.
Read more EducationalIn Moodle versions 4.4, 4.3 to 4.3.4, 4.2 to 4.2.7, 4.1 to 4.1.10 and earlier a medium severity vulnerability CVE-2024-38277 was detected. It involves the use of cryptographic keys or passwords beyond their expiration date. This oversight extends the window during which these credentials could be vulnerable to cracking attacks, emphasizing the critical need for timely key and password management to uphold robust security measures. To fix this issue, users should upgrade Moodle to versions 4.4.1, 4.3.5, 4.2.8 and 4.1.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38277/.
Read more EducationalIn Moodle CMS version 3.10 a low severity vulnerability CVE-2024-37674 was detected. This vulnerability allows a remote attacker to run any code they want through the name parameter when creating a new activity. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37674/.
Read more EducationalIn Moodle versions from 4.0 through 4.3.3, from 4.2 through 4.2.6, and from 4.1 through 4.1.9 a medium severity vulnerability CVE-2024-34008 was detected. Admin actions for managing analytics models lacked the token needed to prevent CSRF risks. CSRF involves unauthorized requests made on behalf of a user without their consent. There is no proper solution yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34008.
Read more Educational