First published: Thu Oct 12 2023(Updated: )
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/moodle/moodle | <4.3.0-rc2 | 4.3.0-rc2 |
Moodle Moodle | >=4.0.0<4.0.11 | |
Moodle Moodle | >=4.1.0<4.1.6 | |
Moodle Moodle | >=4.2.0<4.2.3 | |
Redhat Enterprise Linux | =7.0 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
redhat/moodle | <4.2.3 | 4.2.3 |
redhat/4.1.6 and | <4.0.11 | 4.0.11 |
>=4.0.0<4.0.11 | ||
>=4.1.0<4.1.6 | ||
>=4.2.0<4.2.3 | ||
=7.0 | ||
=37 | ||
=38 | ||
=39 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-5546 is medium with a CVSS score of 5.4.
CVE-2023-5546 affects Moodle versions up to 4.0.11, 4.1.6, and 4.2.3, as well as Moodle/Moodle up to version 4.3.0-rc2.
To fix CVE-2023-5546 in Moodle, make sure to upgrade to version 4.0.11, 4.1.6, 4.2.3, or newer.
You can find more information about CVE-2023-5546 at the following references: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971, https://bugzilla.redhat.com/show_bug.cgi?id=2243445, https://moodle.org/mod/forum/discuss.php?d=451587
The CWE category of CVE-2023-5546 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').