First published: Thu Jan 19 2023
Blog search required additional sanitizing to prevent a reflected XSS risk.
Versions affected: 4.1 and 4.0 to 4.0.5
Versions fixed: 4.1.1, 4.0.6
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix
---|---|---
Moodle Moodle | >=4.0.0, <4.0.6 | |
Moodle Moodle | =4.1.0 | |
redhat/moodle | <4.1.1 | 4.1.1 |
redhat/moodle | <4.0.6 | 4.0.6 |
The vulnerability ID for this Moodle vulnerability is CVE-2023-23922.
The severity of CVE-2023-23922 is high with a CVSS score of 6.1.
The vulnerability CVE-2023-23922 occurs in Moodle due to insufficient sanitization of user-supplied data in blog search.
A remote attacker can exploit CVE-2023-23922 by tricking a victim into following a specially crafted link, executing arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
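To illustrate the bug class described above, here is an added Python example (not Moodle's PHP code and not its actual patch): a minimal blog-search results renderer that reflects the search term verbatim, beside a hardened version that HTML-encodes it with `html.escape`. The template strings, the `search` parameter name and the sample terms are constructed for this example.

```python
import html
import re

# Constructed sample search terms (not taken from the advisory); the second
# one carries markup that a vulnerable page would reflect back unchanged.
SAMPLE_TERMS = [
    "moodle blog",
    '"><script>x()</script>',
]


def render_vulnerable(term: str) -> str:
    """Reflect the raw search term into the results page (the bug class).

    The term lands in two HTML contexts: element text (the heading) and a
    double-quoted attribute value (the refilled search box). Neither is
    encoded, so a crafted term can inject tags or break out of the attribute.
    """
    return (
        f"<h2>Blog entries matching: {term}</h2>\n"
        f'<input type="text" name="search" value="{term}">'
    )


def render_fixed(term: str) -> str:
    """Same page, with the term HTML-encoded once for both contexts.

    html.escape(quote=True) encodes & < > " and ', so the value can neither
    open a new tag nor terminate the double-quoted attribute it sits in.
    """
    safe = html.escape(term, quote=True)
    return (
        f"<h2>Blog entries matching: {safe}</h2>\n"
        f'<input type="text" name="search" value="{safe}">'
    )


# Any tag other than the template's own <h2> / <input> means the search
# term was reflected as live markup instead of as text.
_FOREIGN_TAG = re.compile(r"<(?!/?(h2|input)\b)[^>]*>", re.IGNORECASE)


def reflects_markup(page: str) -> bool:
    """Simple check used to compare the two renderers on the same input."""
    return _FOREIGN_TAG.search(page) is not None


if __name__ == "__main__":
    for term in SAMPLE_TERMS:
        print("vulnerable:", reflects_markup(render_vulnerable(term)))
        print("fixed:     ", reflects_markup(render_fixed(term)))
```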
Yes, there are patches available for CVE-2023-23922. The recommended version to fix this vulnerability is Moodle 4.1.1.