CVE-2023-35131

Summary

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Affected Software

VendorProductVersion RangeStatus
4.2.0 < 4.2.1affected
4.1.0 < 4.1.4affected
4.0.0 < 4.0.9affected
3.11.0 < 3.11.15affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References