Lucene search
HistoryNov 09, 2023 - 8:15 p.m.
CVE-2023-5541
csv
grade
import
xss
risk
spreadsheet
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.8%
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.
Affected configurations
Node
moodlemoodleRange3.9.0–3.9.24
ORmoodlemoodleRange3.11.0–3.11.17
ORmoodlemoodleRange4.0.0–4.0.11
ORmoodlemoodleRange4.1.0–4.1.6
ORmoodlemoodleRange4.2.0–4.2.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle:moodle | moodle | lt | 3.9.24 |
| moodle:moodle | moodle | lt | 3.11.17 |
| moodle:moodle | moodle | lt | 4.0.11 |
| moodle:moodle | moodle | lt | 4.1.6 |
| moodle:moodle | moodle | lt | 4.2.3 |
CNA Affected
[
{
"versions": [
{
"status": "affected",
"version": "4.2.0",
"lessThan": "4.2.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.1.0",
"lessThan": "4.1.6",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.0.0",
"lessThan": "4.0.11",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.11.0",
"lessThan": "3.11.17",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"lessThan": "3.9.24",
"versionType": "semver"
}
],
"packageName": "moodle",
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2023-5541
2023-11-09 20:15:09
cvelist
cvelist
CVE-2023-5541 Moodle: xss risk when using csv grade import method
2023-11-09 19:18:22
ubuntucve
ubuntucve
CVE-2023-5541
2023-11-09 00:00:00
osv
osv
BIT-moodle-2023-5541
2024-03-06 10:58:18
Moodle Cross-site Scripting vulnerability
2023-11-09 21:30:38
CVE-2023-5541
2023-11-09 20:15:09
veracode
veracode
Cross-site Scripting (XSS)
2023-11-13 07:07:05
prion
prion
Design/Logic Flaw
2023-11-09 20:15:00
github
github
Moodle Cross-site Scripting vulnerability
2023-11-09 21:30:38
openvas
openvas
Moodle < 3.9.24, 3.11.x < 3.11.17, 4.0.x < 4.0.11, 4.1.x < 4.1.6, 4.2.x < 4.2.3 Multiple Vulnerabilities
2023-10-23 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2023-a7b0d27d18)
2023-10-20 00:00:00
Fedora: Security Advisory for moodle (FEDORA-2023-6880309d0e)
2023-10-20 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: moodle-4.1.6-1.fc38
2023-10-19 01:11:55
[SECURITY] Fedora 37 Update: moodle-4.1.6-1.fc37
2023-10-19 01:35:51
[SECURITY] Fedora 39 Update: moodle-4.3-1.fc39
2023-11-03 18:56:16
nessus
nessus
Fedora 38 : moodle (2023-6880309d0e)
2023-10-19 00:00:00
Fedora 37 : moodle (2023-a7b0d27d18)
2023-10-19 00:00:00
Fedora 39 : moodle (2023-6bd1586dc5)
2023-11-07 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.8%
Related for CVE-2023-5541