Moodle sensitive information disclosure

Moodle allows attackers to enter additional answer attempts

Moodle Authenticated LFI risk in some misconfigured shared hosting environments

Moodle Grade information disclosure in grade's external fetch functions

Moodle Reflected XSS in mod_data advanced search

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords.

Moodle stored Cross-site Scripting (XSS)

Moodle does not enforce the moodle/site:accessallgroups capability requirement

moodle: IDOR when fetching report schedules

Moodle open redirect vulnerability

Moodle vulnerable to Cross-Site Request Forgery

Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Moodle has a CSRF risk in Brickfield tool's analysis request action

Moodle multiple cross-site scripting (XSS) vulnerabilities

Moodle allows attackers to obtain sensitive category-detail information

Moodle improper access control

Moodle is vulnerable to Improper Input Validation in MoodleQuickForm class

Moodle vulnerable to brute-force password guesses

A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode.

Insufficient user authorization in Moodle