Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1md2ZqLThwMzYtcmM2NM4AA0AN

Moodle vulnerable to Cross-site Scripting

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Permalink: https://github.com/advisories/GHSA-fwfj-8p36-rc64
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1md2ZqLThwMzYtcmM2NM4AA0AN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 17 days ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-fwfj-8p36-rc64, CVE-2023-35131
References:

https://nvd.nist.gov/vuln/detail/CVE-2023-35131
https://moodle.org/mod/forum/discuss.php?d=447829
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76683
https://lists.fedoraproject.org/archives/list/[email protected]/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
https://github.com/advisories/GHSA-fwfj-8p36-rc64

Affected Packages

packagist:moodle/moodle

Versions: < 3.11.15, >= 4.0.0, < 4.0.9, >= 4.1.0, < 4.1.4, = 4.2.0
Fixed in: 3.11.15, 4.0.9, 4.1.4, 4.2.1