Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.

Moodle Cross-site Scripting vulnerability

moodle: Some users can delete audiences of other reports

Exposure of Sensitive Information in moodle

Moodle allows remote authenticated users to cause a denial of service (invalid database records)

Moodle IDOR when deleting OAuth2 linked accounts

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.

Moodle reflected XSS Vulnerability

Moodle vulnerable to PHP object injection attacks

Moodle allows attackers to obtain sensitive information

Moodle allows bypass of intended access restrictions

Moodle cross-site scripting (XSS) vulnerability

Cross-site Scripting in Moodle Chat

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search.

Moodle multiple cross-site scripting (XSS) vulnerabilities

Moodle incorrect access control

Moodle cross-site request forgery (CSRF) vulnerability

Moodle SQL Injection vulnerability

Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question.