CVE-2018-1045 (https://nvd.nist.gov/vuln/detail/CVE-2018-1045): In Moodle 3.x, there is XSS via a calendar event name. CVE-2018-1044 (https://nvd.nist.gov/vuln/detail/CVE-2018-1044): In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. CVE-2018-1043 (https://nvd.nist.gov/vuln/detail/CVE-2018-1043): In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. CVE-2018-1042 (https://nvd.nist.gov/vuln/detail/CVE-2018-1042): Moodle 3.x has Server Side Request Forgery in the filepicker.