Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_113586
HistoryFeb 20, 2023 - 12:00 a.m.

Moodle 3.11.x < 3.11.12 Multiple Vulnerabilities

2023-02-2000:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
moodle
cross-site scripting
xss
lack of sanitization
blog search
insecure direct object reference
idor
cve-2023-23921
cve-2023-23922
cve-2023-23923

0.002 Low

EPSS

Percentile

61.3%

JSON

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities:

  • A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of some returnurl parameters. (CVE-2023-23921)

  • A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization in the blog search functionnality. (CVE-2023-23922)

  • An Insecure Direct Object Reference (IDOR) vulnerability allowing users to set the preferred start page of any other user. (CVE-2023-23923)

Note that the scanner has not attempted to exploit this issue but has instead relied only on application’s self-reported version number.

No source data
VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Related

nessus 3
redos 1
openvas 2
cve 3
osv 9
ubuntucve 3
cvelist 3
nvd 3
prion 3
github 3
veracode 3
vulnrichment 1
nessus
nessus
Moodle 3.9.x < 3.9.19 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 4.0.x < 4.0.6 Multiple Vulnerabilities
2023-02-20 00:00:00
Moodle 4.1.x < 4.1.1 Multiple Vulnerabilities
2023-02-20 00:00:00
redos
redos
ROS-20230627-01
2023-06-27 00:00:00
openvas
openvas
Moodle 3.9 <= 3.9.18, 3.11 <= 3.11.11, 4.0 <= 4.0.5, 4.1 < 4.1.1 Multiple Vulnerabilities
2023-01-25 00:00:00
Moodle 4.0.x < 4.0.6, 4.1.x < 4.1.1 XSS Vulnerability (MSA-23-0002)
2023-01-26 00:00:00
cve
cve
CVE-2023-23923
2023-02-17 20:15:11
CVE-2023-23921
2023-02-17 20:15:11
CVE-2023-23922
2023-02-17 20:15:11
osv
osv
CVE-2023-23921
2023-02-17 20:15:11
Moodle Cross-site Scripting vulnerability
2023-02-17 21:30:41
CVE-2023-23922
2023-02-17 20:15:11
ubuntucve
ubuntucve
CVE-2023-23923
2023-02-17 00:00:00
CVE-2023-23921
2023-02-17 00:00:00
CVE-2023-23922
2023-02-17 00:00:00
cvelist
cvelist
CVE-2023-23923 Moodle: possible to set the preferred "start page" of other users
2023-02-17 00:00:00
CVE-2023-23921 Moodle: reflected xss risk in some returnurl parameters
2023-02-17 00:00:00
CVE-2023-23922 Moodle: reflected xss risk in blog search
2023-02-17 00:00:00
nvd
nvd
CVE-2023-23922
2023-02-17 20:15:11
CVE-2023-23923
2023-02-17 20:15:11
CVE-2023-23921
2023-02-17 20:15:11
prion
prion
Cross site scripting
2023-02-17 20:15:00
Design/Logic Flaw
2023-02-17 20:15:00
Cross site scripting
2023-02-17 20:15:00
github
github
Moodle Cross-site Scripting vulnerability
2023-02-17 21:30:41
Moodle Improper Access Control vulnerability
2023-02-17 21:30:41
Moodle Cross-site Scripting vulnerability
2023-02-17 21:30:41
veracode
veracode
Cross-site Scripting (XSS)
2023-02-27 10:00:16
Improper Access Control
2023-02-27 12:06:36
Cross-Site Scripting (XSS)
2023-02-23 05:16:58
vulnrichment
vulnrichment
CVE-2023-23923 Moodle: possible to set the preferred "start page" of other users
2023-02-17 00:00:00

0.002 Low

EPSS

Percentile

61.3%

JSON
Related for WEB_APPLICATION_SCANNING_113586
nessus3redos1openvas2cve3osv9ubuntucve3cvelist3nvd3prion3github3veracode3vulnrichment1