vulnerability
Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-35131)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Jun 22, 2023 | Jul 4, 2023 | Jan 28, 2025 |
Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
Jun 22, 2023
Added
Jul 4, 2023
Modified
Jan 28, 2025
Description
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
Solution(s)
moodle-upgrade-3_11_15moodle-upgrade-4_0_9moodle-upgrade-4_1_4
References
- CVE-2023-35131
- https://attackerkb.com/topics/CVE-2023-35131
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2214369
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
- URL-https://moodle.org/mod/forum/discuss.php?d=447829
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.