16 matches found

Github Security Blog
added 2025/10/13 9:31 p.m. · 5 views

Liferay Mentions Web is Vulnerable to Cross-site Scripting

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions allow remote authenticated users t...

CVSS 5.4 · AI score 5.7 · EPSS 0.00031
Exploits: 0 · References: 5 · Affected Software: 1

Positive Technologies
added 2024/05/06 12:00 a.m. · 4 views

PT-2024-25933 · Drupal · Drupal Wiki

Name of the Vulnerable Software and Affected Versions: Drupal Wiki versions prior to 8.31.1
Description: The issue allows for XSS attacks via comments, captions, and image titles of a Wiki page.
Recommendations: For versions prior to 8.31.1, update to version 8.31.1 or later to resolve the issue...

CVSS 6.1 · AI score 6.2 · EPSS 0.00169
Exploits: 1 · References: 12

OSV
added 2024/03/06 10:57 a.m. · 32 views

BIT-MOODLE-2023-5544 Moodle: stored xss and potential idor risk in wiki comments

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 6.5 · AI score 6.9 · EPSS 0.00177
Exploits: 0 · References: 4

OSV
added 2023/11/09 9:30 p.m. · 27 views

GHSA-J5XF-GV89-G422 Moodle Cross-site Scripting vulnerability

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 5.4 · AI score 6.9 · EPSS 0.00177
Exploits: 0 · References: 6

OSV
added 2023/11/09 8:15 p.m. · 19 views

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 5.4 · AI score 5.2
Exploits: 0 · References: 3

NVD
added 2023/11/09 8:15 p.m. · 15 views

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 6.5 · EPSS 0.00177
Exploits: 0 · References: 3

UbuntuCve
added 2023/11/09 8:15 p.m. · 24 views

CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 6.5 · AI score 6.4 · EPSS 0.00177
Exploits: 0 · References: 1

Prion
added 2023/11/09 8:15 p.m. · 20 views

Cross site scripting

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 4.9 · AI score 5.8 · EPSS 0.00177
Exploits: 0 · References: 3 · Affected Software: 3

OSV
added 2023/11/09 8:15 p.m. · 0 views

UBUNTU-CVE-2023-5544

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 6.5 · AI score 5.8 · EPSS 0.00177
Exploits: 0 · References: 2

CVE
added 2023/11/09 7:32 p.m. · 114 views

CVE-2023-5544

CVE-2023-5544 relates to a stored XSS and potential IDOR risk in Moodle Wiki comments due to insufficient sanitization and access restrictions. Connected sources (OSV/GHSA advisories and Nessus notes) corroborate a Wiki comments stored XSS/IDOR issue, with no explicit affected versions or patch d...

CVSS 6.5 · AI score 5.8 · EPSS 0.00177
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/11/09 7:32 p.m. · 24 views

CVE-2023-5544 Moodle: stored xss and potential idor risk in wiki comments

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk...

CVSS 6.5 · AI score 7.7 · EPSS 0.00177
Exploits: 0 · References: 3

Positive Technologies
added 2023/11/09 12:00 a.m. · 1 view

PT-2023-8910 · Moodle +1 · Moodle +1

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified)
Description: The issue is related to insufficient sanitizing of Wiki comments, which poses a stored XSS risk and a potential IDOR risk. This could allow a remote attacker to perform cross-site scripting...

CVSS 9.8 · AI score 5.9 · EPSS 0.01474
Exploits: 0 · References: 19

OpenVAS
added 2023/10/23 12:00 a.m. · 24 views

Moodle < 3.9.24, 3.11.x < 3.11.17, 4.0.x < 4.0.11, 4.1.x < 4.1.6, 4.2.x < 4.2.3 Multiple Vulnerabilities

Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; ifdescription...

CVSS 9.8 · AI score 9.7 · EPSS 0.022
Exploits: 0 · References: 10

Positive Technologies
added 2022/11/15 12:00 a.m. · 1 view

PT-2022-26205 · Unknown +1 · Bluespicesocialprofile +1

Name of the Vulnerable Software and Affected Versions: BlueSpice (affected versions not specified)
Description: The issue allows a user with comment permissions to inject arbitrary HTML into the comment section of a wikipage, which can lead to Cross-site Scripting (XSS). This occurs in the...

CVSS 5.4 · AI score 5.2 · EPSS 0.00298
Exploits: 0 · References: 3

Github Security Blog
added 2022/05/13 1:13 a.m. · 6 views

Moodle vulnerable to Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...

CVSS 4.3 · AI score 5.6 · EPSS 0.00296
Exploits: 0 · References: 6 · Affected Software: 1

Prion
added 2012/07/11 10:26 a.m. · 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...

CVSS 4.3 · AI score 5.7 · EPSS 0.00296
Exploits: 0 · References: 3 · Affected Software: 1