A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.

A flaw was found in Moodle. Additional restrictions are required to avoid a remote code execution risk in calculated question types. Note: This requires the capability to add/update questions.

A flaw was found in Moodle. Additional restrictions are required to av ...

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.

A unique key should be generated for a user's QR login key and their a ...

Incorrect CSRF token checks resulted in multiple CSRF risks.

Incorrect CSRF token checks resulted in multiple CSRF risks.

Incorrect CSRF token checks resulted in multiple CSRF risks.

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.

The cURL wrapper in Moodle retained the original request headers when ...

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.

Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.

Insufficient escaping of calendar event titles resulted in a stored XS ...

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.

Insufficient capability checks meant it was possible for users to gain ...

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.

Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.