What is CVE-2023-35131?

CVE-2023-35131 is a vulnerability that allows attackers to execute cross-site scripting attacks by injecting malicious content on the groups page in Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, and 3.11 to 3.11.14.

How does CVE-2023-35131 affect Moodle?

CVE-2023-35131 affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, and 3.11 to 3.11.14 by allowing attackers to inject malicious content on the groups page, which can lead to cross-site scripting attacks.

What is the severity of CVE-2023-35131?

CVE-2023-35131 has a severity level of medium (6.1) according to the Common Vulnerability Scoring System (CVSS).

How can I fix CVE-2023-35131?

To fix CVE-2023-35131, it is recommended to update Moodle to version 4.2.1, 4.1.4, 4.0.9, or 3.11.15 or apply the relevant patches provided by Moodle.

Where can I find more information about CVE-2023-35131?

You can find more information about CVE-2023-35131 in the following references: [1] [2] [3]

Vulnerability/
CVE-2023-35131

medium

6.1

CWE

12/6/2023

22/6/2023

19/4/2024

CVE-2023-35131: Moodle: xss risk on groups page

First published: Mon Jun 12 2023(Updated: )

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Credit: patrick@puiterwijk.org patrick@puiterwijk.org patrick@puiterwijk.org

Affected Software	Affected Version	How to fix
Moodle Moodle	>=3.11.0<3.11.15
Moodle Moodle	>=4.0.0<4.0.9
Moodle Moodle	>=4.1.0<4.1.4
Moodle Moodle	=4.2.0
composer/moodle/moodle	<3.11.15	3.11.15
composer/moodle/moodle	>=4.0.0<4.0.9	4.0.9
composer/moodle/moodle	>=4.1.0<4.1.4	4.1.4
composer/moodle/moodle	=4.2.0	4.2.1
redhat/moodle	<4.2.1	4.2.1
redhat/moodle	<4.1.4	4.1.4
redhat/moodle	<4.0.9	4.0.9
redhat/moodle	<3.11.15	3.11.15
	>=3.11.0<3.11.15
	>=4.0.0<4.0.9
	>=4.1.0<4.1.4
	=4.2.0

Remedy

https://moodle.org/mod/forum/discuss.php?d=447829

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-35131?
CVE-2023-35131 is a vulnerability that allows attackers to execute cross-site scripting attacks by injecting malicious content on the groups page in Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, and 3.11 to 3.11.14.
How does CVE-2023-35131 affect Moodle?
CVE-2023-35131 affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, and 3.11 to 3.11.14 by allowing attackers to inject malicious content on the groups page, which can lead to cross-site scripting attacks.
What is the severity of CVE-2023-35131?
CVE-2023-35131 has a severity level of medium (6.1) according to the Common Vulnerability Scoring System (CVSS).
How can I fix CVE-2023-35131?
To fix CVE-2023-35131, it is recommended to update Moodle to version 4.2.1, 4.1.4, 4.0.9, or 3.11.15 or apply the relevant patches provided by Moodle.
Where can I find more information about CVE-2023-35131?
You can find more information about CVE-2023-35131 in the following references: [1] [2] [3]

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/remedy
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-35131
agent/software-canonical-lookup
agent/severity
agent/description
agent/first-publish-date
collector/nvd-api
source/NVD
agent/author
collector/github-advisory-latest
source/GitHub
alias/GHSA-fwfj-8p36-rc64
agent/last-modified-date
agent/references
agent/tags
agent/softwarecombine
agent/event
collector/nvd-cve
collector/github-advisory
vendor/moodle
canonical/moodle moodle
version/moodle moodle/3.11.0
version/moodle moodle/4.0.0
version/moodle moodle/4.1.0
version/moodle moodle/4.2.0
package-manager/redhat
package-manager/composer