In Moodle 3.x, there is XSS in the assignment submission page.

In Moodle 3.x, there is XSS in the assignment submission page.

In Moodle 3.x, there is XSS in the assignment submission page.

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.

In Moodle 2.x and 3.x, there is incorrect sanitization of attributes i ...

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

In Moodle 3.x, students can find out email addresses of other students ...

In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.

In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.

In Moodle 3.x, various course reports allow teachers to view details a ...

Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

Moodle 3.x has XSS in the contact form on the "non-respondents" page i ...

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before ...

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.