GitHub Advisory DatabaseGHSA-9F45-9QRW-PP4VMoodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
37.8%
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 3.9.20 | |
| moodle/moodle | lt | 3.11.13 | |
| moodle/moodle | lt | 4.0.7 | |
| moodle/moodle | lt | 4.1.2 |
References
bugzilla.redhat.com/show_bug.cgi?id=2179419
git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624
github.com/advisories/GHSA-9f45-9qrw-pp4v
github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
lists.fedoraproject.org/archives/list/[email protected]/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
moodle.org/mod/forum/discuss.php?d=445064
nvd.nist.gov/vuln/detail/CVE-2023-28332
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
37.8%