Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-46858)

Severity: 5
CVSS: (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published: Oct 29, 2023
Added: Nov 8, 2023
Modified: Jan 30, 2025

Description

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

Solution

moodle-upgrade-latest