Lucene search
HistoryMar 23, 2023 - 9:15 p.m.
CVE-2023-28331
database auto-linking
sanitizing
xss risk
cve-2023-28331
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
37.8%
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
Affected configurations
Node
moodlemoodleRange3.9.0–3.9.20
ORmoodlemoodleRange3.11.0–3.11.13
ORmoodlemoodleRange4.0.0–4.0.7
ORmoodlemoodleMatch3.9.0-
ORmoodlemoodleMatch3.11.0-
ORmoodlemoodleMatch4.0.0-
ORmoodlemoodleMatch4.1.0-
ORmoodlemoodleMatch4.1.1
Related
cve
cve
CVE-2023-28331
2023-03-23 21:15:20
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2023-28331
2023-03-23 00:00:00
osv
osv
CVE-2023-28331
2023-03-23 21:15:20
BIT-moodle-2023-28331
2024-03-06 11:00:32
Moodle vulnerable to Cross-site Scripting
2023-03-23 21:30:18
veracode
veracode
Cross-Site Scripting (XSS)
2023-03-27 04:26:54
github
github
Moodle vulnerable to Cross-site Scripting
2023-03-23 21:30:18
prion
prion
Cross site scripting
2023-03-23 21:15:00
openvas
openvas
Fedora: Security Advisory for moodle (FEDORA-2023-d9c13996b2)
2023-03-31 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: moodle-3.11.13-1.fc36
2023-03-30 01:16:28
nessus
nessus
Fedora 36 : moodle (2023-d9c13996b2)
2023-03-30 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
37.8%
Related for NVD:CVE-2023-28331