First published: Thu Oct 12 2023
The course upload preview contained an XSS risk for users uploading unsafe data.
Credit: patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/moodle/moodle | <4.3.0-rc2 | 4.3.0-rc2 |
Moodle Moodle | >=3.9.0<3.9.24 | |
Moodle Moodle | >=3.11.0<3.11.17 | |
Moodle Moodle | >=4.0.0<4.0.11 | |
Moodle Moodle | >=4.1.0<4.1.6 | |
Moodle Moodle | >=4.2.0<4.2.3 | |
Redhat Enterprise Linux | =7.0 | |
Fedoraproject Fedora | =37 | |
Fedoraproject Fedora | =38 | |
Fedoraproject Fedora | =39 | |
redhat/moodle | <4.2.3 | 4.2.3 |
redhat/moodle | <4.1.6 | 4.1.6 |
redhat/moodle | <4.0.11 | 4.0.11 |
redhat/moodle | <3.11.17 | 3.11.17 |
redhat/moodle | <3.9.24 | 3.9.24 |
The vulnerability ID for this issue is CVE-2023-5547.
The severity of CVE-2023-5547 is medium.
CVE-2023-5547 affects Moodle versions up to and including 4.2.3.
To fix CVE-2023-5547, update Moodle to version 4.2.4 or higher.
More information about CVE-2023-5547 can be found at the following references: [Link 1](http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455), [Link 2](https://bugzilla.redhat.com/show_bug.cgi?id=2243447), [Link 3](https://moodle.org/mod/forum/discuss.php?d=451588).