CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
37.9%
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
[
{
"versions": [
{
"status": "affected",
"version": "4.2.0",
"lessThan": "4.2.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.1.0",
"lessThan": "4.1.4",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.0.0",
"lessThan": "4.0.9",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.11.0",
"lessThan": "3.11.15",
"versionType": "semver"
}
],
"packageName": "moodle",
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected"
}
]
bugzilla.redhat.com/show_bug.cgi?id=2214369
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
moodle.org/mod/forum/discuss.php?d=447829
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
37.9%