Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113585
HistoryFeb 20, 2023 - 12:00 a.m.

Moodle 3.9.x < 3.9.19 Multiple Vulnerabilities

2023-02-2000:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
moodle 3.9.x
3.9.19
multiple vulnerabilities
cross-site scripting
insecure direct object reference
lack of sanitization
returnurl parameters
blog search functionality
idor vulnerability

0.002 Low

EPSS

Percentile

61.3%

JSON

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities:

  • A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of some returnurl parameters. (CVE-2023-23921)

  • A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization in the blog search functionnality. (CVE-2023-23922)

  • An Insecure Direct Object Reference (IDOR) vulnerability allowing users to set the preferred start page of any other user. (CVE-2023-23923)

Note that the scanner has not attempted to exploit this issue but has instead relied only on application’s self-reported version number.

No source data
VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Related

nessus 3
openvas 2
redos 1
cve 3
ubuntucve 3
cvelist 3
osv 9
prion 3
github 3
veracode 3
nvd 3
vulnrichment 1
nessus
nessus
Moodle 3.11.x < 3.11.12 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 4.0.x < 4.0.6 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 4.1.x < 4.1.1 Multiple Vulnerabilities
2023-02-20 00:00:00
openvas
openvas
Moodle 3.9 <= 3.9.18, 3.11 <= 3.11.11, 4.0 <= 4.0.5, 4.1 < 4.1.1 Multiple Vulnerabilities
2023-01-25 00:00:00
Moodle 4.0.x < 4.0.6, 4.1.x < 4.1.1 XSS Vulnerability (MSA-23-0002)
2023-01-26 00:00:00
redos
redos
ROS-20230627-01
2023-06-27 00:00:00
cve
cve
CVE-2023-23923
2023-02-17 20:15:11
CVE-2023-23922
2023-02-17 20:15:11
CVE-2023-23921
2023-02-17 20:15:11
ubuntucve
ubuntucve
CVE-2023-23923
2023-02-17 00:00:00
CVE-2023-23922
2023-02-17 00:00:00
CVE-2023-23921
2023-02-17 00:00:00
cvelist
cvelist
CVE-2023-23923 Moodle: possible to set the preferred "start page" of other users
2023-02-17 00:00:00
CVE-2023-23922 Moodle: reflected xss risk in blog search
2023-02-17 00:00:00
CVE-2023-23921 Moodle: reflected xss risk in some returnurl parameters
2023-02-17 00:00:00
osv
osv
CVE-2023-23921
2023-02-17 20:15:11
BIT-moodle-2023-23922
2024-03-06 11:01:14
Moodle Cross-site Scripting vulnerability
2023-02-17 21:30:41
prion
prion
Cross site scripting
2023-02-17 20:15:00
Design/Logic Flaw
2023-02-17 20:15:00
Cross site scripting
2023-02-17 20:15:00
github
github
Moodle Cross-site Scripting vulnerability
2023-02-17 21:30:41
Moodle Improper Access Control vulnerability
2023-02-17 21:30:41
Moodle Cross-site Scripting vulnerability
2023-02-17 21:30:41
veracode
veracode
Cross-site Scripting (XSS)
2023-02-27 10:00:16
Improper Access Control
2023-02-27 12:06:36
Cross-Site Scripting (XSS)
2023-02-23 05:16:58
nvd
nvd
CVE-2023-23922
2023-02-17 20:15:11
CVE-2023-23923
2023-02-17 20:15:11
CVE-2023-23921
2023-02-17 20:15:11
vulnrichment
vulnrichment
CVE-2023-23923 Moodle: possible to set the preferred "start page" of other users
2023-02-17 00:00:00

0.002 Low

EPSS

Percentile

61.3%

JSON
Related for WEB_APPLICATION_SCANNING_113585
nessus3openvas2redos1cve3ubuntucve3cvelist3osv9prion3github3veracode3nvd3vulnrichment1