CVE-2023-28331 Moodle: xss risk when outputting database activity filter data

🗓️ 23 Mar 2023 00:00:00Reported by fedoraType

Moodle XSS risk CVE-2023-28331

Reporter	Title	Published	Views	Family All 58
ATTACKERKB	CVE-2023-28331	23 Mar 202321:15	–	attackerkb
CNNVD	Moodle 跨站脚本漏洞	21 Mar 202300:00	–	cnnvd
CVE	CVE-2023-28331	23 Mar 202300:00	–	cve
EUVD	EUVD-2023-0917	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 36 Update: moodle-3.11.13-1.fc36	30 Mar 202301:16	–	fedora
Tenable Nessus	Fedora 36 : moodle (2023-d9c13996b2)	30 Mar 202300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-28331	2 Sep 202500:00	–	nessus
Tenable Nessus	Moodle 4.1.x < 4.1.2 Multiple Vulnerabilities	10 Apr 202500:00	–	nessus
Tenable Nessus	Moodle 4.0.x < 4.0.7 Multiple Vulnerabilities	10 Apr 202500:00	–	nessus
Tenable Nessus	Moodle 3.11.x < 3.11.13 Multiple Vulnerabilities	10 Apr 202500:00	–	nessus

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.1.0",
        "lessThan": "4.1.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.7",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.11.0",
        "lessThan": "3.11.13",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.9.20",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://git.moodle.org",
    "defaultStatus": "unaffected"
  }
]

Source	Link
moodle	www.moodle.org/mod/forum/discuss.php
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/

19 Apr 2024 13:39Current

6.3Medium risk

Vulners AI Score6.3

EPSS0.00894

CWE-79