moodle/moodle vulnerabilities

licenses detected
- GPL-3.0
  >=v2.3.4, <v2.5.0-beta; >=v3.2.0-beta
- (GPL-3.0 OR LGPL-2.1 OR MIT)
  >=v2.5.0-beta, <v3.2.0-beta

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the moodle/moodle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Unrestricted Upload of File with Dangerous Type	>=2.0.1
C Server-Side Request Forgery (SSRF)	<3.9.18 >=3.11, <3.11.11 >=4.0, <4.0.5
H Weak Password Recovery Mechanism for Forgotten Password	<2.7.16 >=2.9, <2.9.8 >=3.0, <3.0.6 >=3.1, <3.1.2
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	>=2.8, <2.8.10 >=2.9, <2.9.4 >=3.0, <3.0.2
M Cross-Site Scripting (XSS)	>=3.11, <3.11.11 >=4.0, <4.0.5
M Improper Input Validation	<3.1.18 >=3.4, <3.4.9 >=3.5, <3.5.6 >=3.6, <3.6.4
M Information Exposure	<3.1.7 >=3.2, <3.2.4 >=3.3, <3.3.1
M Information Exposure	>=3.1, <3.1.1
M Improper Input Validation	>=2.7, <2.7.18 >=3.0, <3.0.8 >=3.1, <3.1.4 >=3.2, <3.2.1
M Cross-Site Scripting (XSS)	<3.9.18 >=3.11, <3.11.11 >=4.0, <4.0.5
M Information Exposure Through an Error Message	>=3.10, <3.10.4
M Cross-site Scripting (XSS)	>=3.1, <3.1.12 >=3.2, <3.2.9 >=3.3, <3.3.6 >=3.4, <3.4.3
M Improper Access Control	<3.5.7 >=3.6.0, <3.6.5 >=3.7.0, <3.7.1
M Server-side Request Forgery (SSRF)	<3.9.15 >=3.11, <3.11.8 >=4.0, <4.0.2
M Improper Access Control	<3.5.7 >=3.6.0, <3.6.5 >=3.7.0, <3.7.1
M Information Exposure	>=3.10, <3.10.4 >=3.9, <3.9.7 >=3.8, <3.8.9 >=3.5, <3.5.18
M Cross-Site Request Forgery (CSRF)	>=2.7, <2.7.20 >=3.0, <3.0.10 >=3.1, <3.1.6 >=3.2, <3.2.3
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	<3.1.4 >=3.2, <3.2.1
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	<3.5.16 >=3.8, <3.8.7 >=3.9, <3.9.4 >=3.10, <3.10.1
M Improper Access Control	<2.7.14 >=2.8, <2.8.12 >=2.9, <2.9.6 >=3.0, <3.0.3
M URL Redirection to Untrusted Site ('Open Redirect')	<3.5.9 >=3.6, <3.6.7 >=3.7, <3.7.3
M Exposure of Resource to Wrong Sphere	>=2.7, <2.7.20 >=3.0, <3.0.10 >=3.1, <3.1.6 >=3.2, <3.2.3
M Cross-site Scripting (XSS)	>=3.5, <3.5.9 >=3.6, <3.6.7 >=3.7, <3.7.3
C SQL Injection	>=2.7.0, <2.7.19 >=3.0.0, <3.0.9 >=3.1.0, <3.1.5 >=3.2.0, <3.2.2
H Improper Control of Generation of Code ('Code Injection')	>=3.5, <3.5.16 >=3.8, <3.8.7 >=3.9, <3.9.4 >=3.10, <3.10.1
C Improper Input Validation	>=3.9.0, <3.9.15 >=3.11.0, <3.11.8 >=4.0.0, <4.0.2
C Server-Side Request Forgery (SSRF)	>=3.1.0, <3.1.16
M Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	>=0.0.0
M Cross-site Scripting (XSS)	>=3.10.9
M Improper Input Validation	<4.1.9 >=4.2, <4.2.6 >=4.3, <4.3.3
M Cross-Site Request Forgery (CSRF)	<4.1.9 >=4.2, <4.2.6 >=4.3, <4.3.3
M Authorization Bypass	<4.1.9 >=4.2, <4.2.6 >=4.3, <4.3.3
H Denial of Service (DoS)	<4.1.9 >=4.2, <4.2.6 >=4.3, <4.3.3
M Authorization Bypass	<4.1.9 >=4.2, <4.2.6 >=4.3, <4.3.3
L Improper Authorization	<4.1.9 >=4.2, <4.2.6 >=4.4, <4.3.3
M Improper Access Control	>=0.0.0
M Improper Access Control	<2.7.14 >=2.8, <2.8.12 >=2.9, <2.9.6 >=3.0, <3.0.4
M Improper Access Control	<2.5.8 >=2.6.0, <2.6.5 >=2.7.0, <2.7.2
M Cross-site Scripting	<2.4.10 >=2.5.0, <2.5.6 >=2.6.0, <2.6.3
H Improper Control of Generation of Code ('Code Injection')	<2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
H Cross-Site Request Forgery (CSRF)	<2.6.7 >=2.7.0, <2.7.4 >=2.8.0, <2.8.2
M Information Exposure Through an Error Message	>=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Information Exposure	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Improper Access Control	<2.6.9 >=2.7.0-beta, <2.7.6 >=2.8.0-beta, <2.8.4
M Improper Access Control	<2.6.11 >=2.7.0-beta, <2.7.8 >=2.8.0-beta, <2.8.6
M Cross-site Scripting	<2.6.9 >=2.7.0-beta, <2.7.6 >=2.8.0-beta, <2.8.4
M Information Exposure	<2.6.11 >=2.7.0-beta, <2.7.8 >=2.8.0-beta, <2.8.6
M Improper Access Control	<2.7.11 >=2.8.0-beta, <2.8.9 >=2.9.0-beta, <2.9.3
M Information Exposure Through an Error Message	<2.7.11 >=2.8.0-beta, <2.8.9 >=2.9.0-beta, <2.9.3
M Information Exposure Through an Error Message	<2.7.13 >=2.8.0-beta, <2.8.11 >=2.9.0-beta, <2.9.5 >=3.0.0-beta, <3.0.3
M Cross-site Scripting	<2.7.10 >=2.8.0-beta, <2.8.8 >=2.9.0-beta, <2.9.2
M Information Exposure	<2.7.13 >=2.8.0, <2.8.11 >=2.9.0, <2.9.5 >=3.0.0, <3.0.3
M Cross-site Scripting	>=2.8.0, <2.8.2
M Improper Access Control	<2.6.11 >=2.7.0, <2.7.8 >=2.8.0, <2.8.6
M Improper Access Control	<2.7.11 >=2.8.0, <2.8.9 >=2.9.0, <2.9.3
M Improper Access Control	<2.7.13 >=2.8, <2.8.11 >=2.9, <2.9.5 >=3.0, <3.0.3
M Information Exposure	<2.7.13 >=2.8.0, <2.8.11 >=2.9.0, <2.9.5 >=3.0.0, <3.0.3
M Improper Input Validation	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Information Exposure	>=2.8.0, <2.8.11 >=2.9.0, <2.9.5 >=3.0.0, <3.0.3
M Improper Access Control	<2.7.10 >=2.8.0, <2.8.8 >=2.9.0, <2.9.2
M Information Exposure Through an Error Message	<2.7.10 >=2.8.0, <2.8.8 >=2.9.0, <2.9.2
M Improper Access Control	<2.6.7 >=2.7.0, <2.7.4 >=2.8.0, <2.8.2
M Improper Access Control	>=2.8.0, <2.8.11 >=2.9.0, <2.9.5 >=3.0.0, <3.0.3
M Cross-Site Request Forgery (CSRF)	<2.7.11 >=2.8.0, <2.8.9 >=2.9.0, <2.9.3
M Cross-site Scripting (XSS)	<2.6.11 >=2.7.0-beta, <2.7.8 >=2.8.0-beta, <2.8.6
M Cross-site Scripting (XSS)	<2.6.11 >=2.7.0-beta, <2.7.8 >=2.8.0-beta, <2.8.6
M Improper Access Control	<2.7.10 >=2.8.0-beta, <2.8.8 >=2.9.0-beta, <2.9.2
M Cross-site Scripting (XSS)	<2.6.7 >=2.7.0-beta, <2.7.4 >=2.8.0-beta, <2.8.2
M Improper Access Control	<2.6.9 >=2.7.0-beta, <2.7.6 >=2.8.0-beta, <2.8.4
M Cross-site Scripting (XSS)	<2.7.11 >=2.8.0-beta, <2.8.9 >=2.9.0-beta, <2.9.3
M Cross-site Scripting (XSS)	<2.5.9 >=2.6.0-beta, <2.6.6 >=2.7.0-beta, <2.7.3
M Cross-site Scripting (XSS)	<2.7.13 >=2.8.0-beta, <2.8.11 >=2.9.0-beta, <2.9.5 >=3.0.0-beta, <3.0.3
M Cross-site Scripting (XSS)	<2.7.9 >=2.8.0-beta, <2.8.7 >=2.9.0-beta, <2.9.1
H Cross-Site Request Forgery (CSRF)	<2.6.7 >=2.7.0-beta, <2.7.4 >=2.8.0-beta, <2.8.2
M Cross-site Scripting (XSS)	<2.7.9 >=2.8.0-beta, <2.8.7 >=2.9.0-beta, <2.9.1
M Cross-site Scripting (XSS)	<2.7.13 >=2.8.0-beta, <2.8.11 >=2.9.0-beta, <2.9.5 >=3.0.0-beta, <3.0.3
M Arbitrary File Read	<2.6.9 >=2.7.0-beta, <2.7.6 >=2.8.0-beta, <2.8.4
M Improper Handling of Insufficient Permissions or Privileges	<2.6.7 >=2.7.0-beta, <2.7.4 >=2.8.0-beta, <2.8.2
M Information Exposure	<2.6.9 >=2.7.0-beta, <2.7.6 >=2.8.0-beta, <2.8.4
M Information Exposure	<2.6.11 >=2.7.0-beta, <2.7.8 >=2.8.0-beta, <2.8.6
M Regular Expression Denial of Service (ReDoS)	<2.6.7 >=2.7.0-beta, <2.7.4 >=2.8.0-beta, <2.8.2
M Regular Expression Denial of Service (ReDoS)	<2.6.9 >=2.7.0-beta, <2.7.6 >=2.8.0-beta, <2.8.4
M Path Traversal	<2.6.8 >=2.7.0-beta, <2.7.5 >=2.8.0-beta, <2.8.3
M Information Exposure	<2.6.7 >=2.7.0-beta, <2.7.4 >=2.8.0-beta, <2.8.2
M Improper Handling of Insufficient Privileges	<2.7.10 >=2.8.0-beta, <2.8.8 >=2.9.0-beta, <2.9.2
H Server-Side Request Forgery (SSRF)	<2.4.1
M Open Redirect	<2.6.11 >=2.7.0-beta, <2.7.9 >=2.9.0-beta, <2.9.1 >=2.8.0-beta, <2.8.7
M Information Exposue	<2.6.9 >=2.7.0-beta, <2.7.6 >=2.8.0-beta, <2.8.4
M Small Space of Random Values	<2.7.10 >=2.8.0-beta, <2.8.8 >=2.9.0-beta, <2.9.2
H Cross-Site Request Forgery (CSRF)	<2.7.13 >=2.8.0-beta, <2.8.11 >=2.9.0-beta, <2.9.5 >=3.0.0-beta, <3.0.3
H Cross-Site Request Forgery (CSRF)	<2.7.11 >=2.8.0-beta, <2.8.9 >=2.9.0-beta, <2.9.3
H Cross-Site Request Forgery (CSRF)	<2.7.14 >=2.8.0-beta, <2.8.12 >=2.9.0-beta, <2.9.6 >=3.0.0-beta, <3.0.4
M Cross-Site Request Forgery (CSRF)	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Cross-site Scripting	<2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Cross-site Scripting	<2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
M Cross-site Scripting	>=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Improper Access Control	>=2.6.0, <2.6.2
M Improper Access Control	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
H Uncontrolled Resource Consumption ('Resource Exhaustion')	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Cross-site Scripting	<2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Improper Access Control	<2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Cross-site Scripting	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Improper Access Control	>=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Cross-site Scripting	>=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Authorization Bypass	>=2.7.0, <2.7.3
M Improper Access Control	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Improper Authorization	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Cross-site Scripting (XSS)	<2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
H Information Exposure	<2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
H Cross-Site Request Forgery (CSRF)	<2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Information Exposure	<2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
M Information Exposure	<2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
H Cross-Site Request Forgery (CSRF)	<2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
H Cross-Site Request Forgery (CSRF)	>=2.4.0, <2.4.10 >=2.5.0, <2.5.6 >=2.6.0, <2.6.3
M Cross-site Request Forgery (CSRF)	>=2.4.0, <2.4.10 >=2.5.0, <2.5.6 >=2.6.0, <2.6.3
M Authentication Bypass	>=2.4.0, <2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
M Improper Authentication	>=2.5.0, <2.5.5 >=2.6.0, <2.6.2
M Improper Authentication	>=2.4, <2.4.10 >=2.5.0, <2.5.6 >=2.6.0, <2.6.3
M Information Exposure	>=2.6.0, <2.6.3
C Privilege Defined With Unsafe Actions	<2.3.5 >=2.4.0-rc1, <2.4.2
M Improper Access Control	<2.3.7 >=2.4.0, <2.4.4
M Improper Access Control	<2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
H Information Exposure	<2.3.7 >=2.4.0, <2.4.4
M Information Exposure Through an Error Message	<2.3.5 >=2.4.0, <2.4.2
M Improper Access Control	<2.3.5 >=2.4.0, <2.4.2
M Information Exposure Through an Error Message	<2.3.5 >=2.4.0, <2.4.2
M Information Exposure	<2.3.5 >=2.4.0, <2.4.2
M Improper Access Control	<2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
M Cross-site Scripting (XSS)	<2.4.9 >=2.5.0, <2.5.5 >=2.6.0, <2.6.2
M Improper Access Control	<2.3.5 >=2.4.0, <2.4.2
H Information Exposure	<2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0-beta, <2.7.1
M Improper Authentication	>=2.3, <2.3.4
M Improper Access Control	<1.9.17 >=2.0, <=2.0.8 >=2.1, <=2.1.5 >=2.2, <=2.2.2
M Improper Input Validation	>=2.1.0, <=2.1.19 >=2.2.0, <=2.2.7 >=2.3.0, <=2.3.4 >=2.4, <2.4.1
M Information Exposure Through an Error Message	<1.9.17 >=2.0, <2.0.8 >=2.1, <2.1.5 >=2.2, <2.2.2
L Cross-site Scripting (XSS)	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Improper Control of Generation of Code ('Code Injection')	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
L Improper Access Control	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Cross-site Scripting (XSS)	>=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Interpretation Conflict	>=3.9, <3.9.24 >=3.11, <3.11.17 >=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Improper Access Control	>=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Improper Access Control	>=4.2.2, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
L Information Exposure	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Cross-site Scripting (XSS)	>=3.9, <3.9.24 >=3.11, <3.11.17 >=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Cross-site Scripting (XSS)	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Arbitrary Code Injection	>=3.9, <3.9.24 >=3.11, <3.11.17 >=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Information Exposure	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Improper Control of Generation of Code ('Code Injection')	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Access Restriction Bypass	<2.7.17 >=2.8.0, <2.9.9 >=3.0.0, <3.0.7 >=3.1.0, <3.1.3
M Improper Input Validation	>=2.7.0, <2.7.15 >=2.8.0, <2.9.7 >=3.0.0, <3.0.5 >=3.1.0, <3.1.1
M Information Exposure	<2.9.7 >=3.0, <3.0.5 >=3.1.0, <3.1.1
M Information Exposure	>=3.0, <3.0.3 >=2.9, <2.9.5 >=2.8, <2.8.11 <2.7.13
M Information Exposure	>=3.0, <3.0.2 >=2.9, <2.9.4 >=2.8, <2.8.10 <2.7.12
M Information Exposure	>=2.7.0, <2.7.14 >=2.8.0, <2.8.12 >=2.9.0, <2.9.6 >=3.0.0, <3.0.4
M Cross-site Scripting (XSS)	>=2.4.0, <2.4.2 >=2.3.0, <2.3.5 >=2.2.0, <2.2.8 >=2.0.0, <2.1.10
M Information Exposure	<2.2.11 >=2.3.0, <2.3.7 >=2.4.0, <2.4.4
H Improper Input Validation	<2.1.11 >=2.2.0, <2.2.10 >=2.3.0, <2.3.7 >=2.4.0, <2.4.4
H Arbitrary Code Execution	<2.5.3
M Insecure Defaults	>=2.5.0, <2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Access Restriction Bypass	>=2.4.0, <2.4.10 >=2.5.0, <2.5.6 >=2.6.0, <2.7.0
M Arbitrary Code Execution	>=2.4.0, <2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Arbitrary File Read	>=2.4.0, <2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Cross-site Scripting (XSS)	<2.7.11 >=2.8.0, <2.8.9 >=2.9.0, <2.9.3
M Cross-site Scripting (XSS)	<3.1.2
M Cross-site Scripting (XSS)	<2.6.9 >=2.7.0, <2.7.6 >=2.8.0, <2.8.4
M Open Redirect	<2.6.11 >=2.7, <2.7.8 >=2.8, <2.8.6
M Authorization Bypass	>=2.9.0, <2.9.3
M Incorrect Permission Assignment for Critical Resource	<3.5.9 >=3.6.0, <3.6.7 >=3.7.0, <3.7.3
M Information Exposure	<2.7.11 >=2.8.0, <2.8.9 >=2.9.0, <2.9.3
M Cross-site Scripting (XSS)	>=3.1, <3.1.5 >=3.2, <3.2.2
M Improper Privilege Management	>=3.1.0, <3.1.7 >=3.2.0, <3.2.4 >=3.3.0, <3.3.1
M Information Exposure	>=3.1.0, <3.1.8 >=3.2.0, <3.2.5 >=3.3.0, <3.3.2
M Cross-site Scripting (XSS)	>=3.1.0, <3.1.8 >=3.2.0, <3.2.5 >=3.3.0, <3.3.2
M Information Exposure	>=3.3, <3.3.1
M Cross-site Scripting (XSS)	<3.1.16 >=3.4, <3.4.7 >=3.5, <3.5.4 >=3.6, <3.6.2
M Server-side Request Forgery (SSRF)	>=3.5, <3.5.4
M Cross-site Scripting (XSS)	>=3.1.0, <3.1.15 >=3.4.0, <3.4.6 >=3.5.0, <3.5.3 >=3.6.0, <3.6.1
M Improper Authentication	>=3.5.0, <3.5.9 >=3.6.0, <3.6.7 >=3.7.0, <3.7.3
M Cross-site Scripting (XSS)	>=3.7.0, <3.7.2
H Cross-site Request Forgery (CSRF)	>=3.5.0, <3.5.6 >=3.6.0, <3.6.4 >=3.7.0, <3.7.1
M Cross-site Scripting (XSS)	>=3.7, <3.7.7 >=3.8, <3.8.4 >=3.9, <3.9.1
M Cross-site Scripting (XSS)	>=3.8, <3.8.1
M Cross-site Scripting (XSS)	>=3.11.0, <3.11.15 >=4.0.0, <4.0.9 >=4.1.0, <4.1.4 >=4.2.0, <4.2.1
H Server-side Request Forgery (SSRF)	>=3.9.0, <3.9.22 >=3.11.0, <3.11.15 >=4.0.0, <4.0.9 >=4.1.0, <4.1.4 >=4.2.0, <4.2.1
M SQL Injection	>=3.9.0, <3.9.22 >=3.11.0, <3.11.15 >=4.0.0, <4.0.9 >=4.1.0, <4.1.4 >=4.2.0, <4.2.1
M Cross-site Scripting (XSS)	>=0.0.0
H SQL Injection	>=3.9, <3.9.21 >=3.11, <3.11.14 >=4.0, <4.0.8 >=4.1, <4.1.3
M External Control of File Name or Path	>=4.1.0, <4.1.3
M Authorization Bypass	<3.9.16 >=3.11.0, <3.11.9 >=4.0.0, <4.0.3
M Cross-site Request Forgery (CSRF)	>=4.1.0, <4.1.2
H Arbitrary Code Injection	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Information Exposure	>=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Information Exposure	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Cross-site Scripting (XSS)	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Information Exposure	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Cross-site Scripting (XSS)	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Arbitrary File Read	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
H SQL Injection	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Cross-site Scripting (XSS)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Incorrect Default Permissions	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Hidden Functionality	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Cross-site Scripting (XSS)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H Improper Input Validation	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Cross-site Scripting (XSS)	<3.11.1
M Incorrect Default Permissions	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H SQL Injection	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H SQL Injection	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H Remote Code Execution (RCE)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Server-side Request Forgery (SSRF)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H Denial of Service (DoS)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Cross-site Scripting (XSS)	<4.0.6 >=4.1.0, <4.1.1
M Cross-site Scripting (XSS)	<3.9.19 >=3.11.0, <3.11.12 >=4.0.0, <4.0.6 >=4.1.0, <4.1.1
M Access Restriction Bypass	<3.9.19 >=3.11.0, <3.11.12 >=4.0.0, <4.0.6 >=4.1.0, <4.1.1
L Cross-site Request Forgery (CSRF)	>=3.9.0, <3.9.18 >=3.11.0, <3.11.11 >=4.0.0, <4.0.5
M Cross-site Request Forgery (CSRF)	>=3.11, <3.11.9 >=4.0, <4.0.3
M Cross-site Scripting (XSS)	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
H Arbitrary Code Execution	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
L SQL Injection	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
M Information Exposure	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
M Cross-site Scripting (XSS)	>=0.0.0
H Improper Authorization	<3.5.13 >=3.6.0, <3.7.7 >=3.8.0, <3.8.4 >=3.9.0, <3.9.1
M Improper Input Validation	<3.9.15 >=3.10.0-beta, <3.11.8 >=4.0.0-beta, <4.0.2
C SQL Injection	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
H Incorrect Calculation	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M Information Exposure	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M Cross-site Scripting (XSS)	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M External Control of Assumed-Immutable Web Parameter	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
H Incorrect Authorization	>=3.9, <3.9.13 >=3.10, <3.10.10 >=3.11, <3.11.6 >=4.0.0-rc1, <4.0.0
H Improper Authentication	>=3.9, <3.9.13 >=3.10, <3.10.10 >=3.11, <3.11.6 >=4.0.0-rc1, <4.0.0
M SQL Injection	<3.9.13 >=3.10.0, <3.10.10 >=3.11.0, <3.11.6
M SQL Injection	<3.5.18 >=3.8, <3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
M Cross-site Scripting (XSS)	<3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
M Denial of Service (DoS)	<3.5.18 >=3.8, <3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
L Information Exposure	<3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
L Cross-site Scripting (XSS)	<3.5.18 >=3.8, <3.8.8 >=3.9, <3.9.7 >=3.10, <3.10.4
C SQL Injection	>=3.11, <3.11.5
L Authorization Bypass	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
M Authorization Bypass	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
H Cross-site Request Forgery (CSRF)	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
M Arbitrary File Read	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Information Exposure	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Improper Access Control	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Improper Authentication	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Access Restriction Bypass	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
H Arbitrary Code Execution	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Cross-site Scripting (XSS)	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Improper Authorization	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
H Cross-site Request Forgery (CSRF)	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Cross-site Scripting (XSS)	>=0.0.0
M Improper Input Validation	<3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
L Improper Authentication	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Open Redirect	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Open Redirect	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Improper Authorization	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Cross-site Scripting (XSS)	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Information Exposure	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Cross-site Scripting (XSS)	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Improper Authorization	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Information Exposure	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Cross-site Scripting (XSS)	>=3.10.0, <3.10.1
L Information Disclosure	>=3.10.0, <3.10.1 >=3.9.0, <3.9.4 >=3.8.0, <3.8.7
L Denial of Service (DoS)	>=3.10.0, <3.10.1 >=3.9.0, <3.9.4 >=3.8.0, <3.8.7 >3.5.0, <3.5.16
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.2
M Denial of Service (DoS)	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.2 >=3.8.0, <3.8.5 >=3.7.0, <3.7.8
H Privilege Escalation	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Sensitive Data Exposure	>=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Cross-site Scripting (XSS)	>=3.9.0, <3.9.3
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
H Arbitrary Code Execution	>=3.8.0, <3.8.3 >=3.7.0, <3.7.6 >=3.6.0, <3.6.10 >=3.5.0, <3.5.12
H Information Exposure	<3.7.2
L Information Exposure	>=3.6, <3.6.4
M Open Redirect	<3.1.18 >=3.4, <3.4.9 >=3.5, <3.5.6 >=3.6, <3.6.4
L Security Issue	<3.1.17 >=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Information Exposure	>=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
L Security Issue	>=3.1.0, <3.1.17 >=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issues	<3.6.3
M Permissions Issue	>=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issues	>=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Cross-site Request Forgery (CSRF)	<3.1.15 >=3.2.0, <3.3.9 >=3.4.0, <3.4.6 >=3.5.0, <3.5.3
H Arbitrary Code Execution	<3.1.14 >=3.3.0, <3.3.8 >=3.4.0, <3.4.5 >=3.5.0, <3.5.2
M Cross-site Scripting (XSS)	<3.3.8 >=3.4.0, <3.4.5 >=3.5.0, <3.5.2
H Arbitrary Code Execution	<3.1.13 >=3.3.0, <3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
M Information Exposure	<3.1.13 >=3.3.0, <3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
M Information Exposure	<3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
H Denial of Service (DoS)	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
M Arbitrary File Download	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
M Arbitrary File Download	>3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
H Arbitrary Code Execution	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
C Authentication Bypass	>=3.3, <3.3.5 >=3.4, <3.4.2
M Authentication Bypass	>=3.1, <3.1.11 >=3.2, <3.2.8 >=3.3, <3.3.5 >=3.4, <3.4.2
M Information Exposure	>=3.1, <3.1.9 >=3.2, <3.2.6 >=3.3, <3.3.2
M Cross-site Scripting (XSS)	>=3.1, <3.1.10 >=3.2, <3.2.7 >=3.3, <3.3.4
M Server Side Request Forgery (SSRF)	>=3.1, <3.1.10 >=3.2, <3.2.7 >=3.3, <3.3.4 >=3.4, <3.4.1
M Blacklist Bypass	>=3.4, <3.4.1 >=3.3, <3.3.4 >=3.2, <3.2.7
M Arbitrary E-mail Header Injection	<1.9.16 >=2.0.0, <2.0.7 >=2.1.0, <2.1.4 >=2.2.0, <2.2.1
M Information Exposure	>=3.4, <3.4.1 >=3.3, <=3.3.3 >=3.2, <=3.2.6 >=3.1, <=3.1.9

moodle/moodle vulnerabilities

licenses detected

Direct Vulnerabilities