CVE-2023-46858
N/A
N/A
Summary
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses … admins and teachers can post XSS-capable content, but students can not."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://gist.github.com/Abid-Ahmad/12d2b4878eb731e8871b96b7d55125cd
- https://docs.moodle.org/403/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle
- https://packetstormsecurity.com/files/175277/Moodle-4.3-Cross-Site-Scripting.html
References
- https://gist.github.com/Abid-Ahmad/12d2b4878eb731e8871b96b7d55125cd
- https://docs.moodle.org/403/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle
- https://packetstormsecurity.com/files/175277/Moodle-4.3-Cross-Site-Scripting.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.