Moodle Open Redirect in Calendar Set Page

Moodle Allows Modification of Constants

Moodle has a Hidden Functionality vulnerability

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough

Moodle Private files uploaded via incoming mail processing could bypass quota restrictions

Moodle allows users to retrieve information they did not have permission to access

Moodle Cross-site Scripting vulnerability

Moodle Session Fixation vulnerability

Moodle cross-site scripting (XSS) vulnerability

Moodle places a session key in a URL

Moodle does not force password changes for autosubscribed users

lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.

Moodle Open Redirect Via Error Messages

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

Moodle multiple cross-site scripting (XSS) vulnerabilities

Moodle Setting for blocked hosts list can be bypassed with multiple A record hostnames

Moodle cross-site request forgery (CSRF) vulnerability

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

Moodle sensitive information disclosure

Moodle reflected XSS via H5P error message