Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS05NzI0LWg4cDctcjNqds4AA3Bk

Moodle Cross-site Scripting vulnerability

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

Permalink: https://github.com/advisories/GHSA-9724-h8p7-r3jv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NzI0LWg4cDctcjNqds4AA3Bk
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 19 days ago
Updated: 13 days ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-9724-h8p7-r3jv, CVE-2023-5546
References:

• https://nvd.nist.gov/vuln/detail/CVE-2023-5546
• https://bugzilla.redhat.com/show_bug.cgi?id=2243445
• https://moodle.org/mod/forum/discuss.php?d=451587
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971
• https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de
• https://github.com/advisories/GHSA-9724-h8p7-r3jv

Affected Packages