osv Google OSV:BIT-MOODLE-2023-46858
Mar 06, 2024 - 10:58 a.m.

BIT-moodle-2023-46858

2024-03-06 10:58:47
Google
osv.dev
moodle 4.3, reflected xss, teacher, grade report, security, rich content, admin, student

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.0005 Low
Percentile: 17.2%

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states “Some forms of rich content [are] used by teachers to enhance their courses … admins and teachers can post XSS-capable content, but students can not.”

CPE Name    Operator    Version
moodle      le          4.3.0
moodle      ge          4.3.0
