← Back

CVE-2023-5544

nvd nist
Published: Nov 9, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

Affected (9)

Moodle
1 product
Moodle
Redhat
1 product
Enterprise Linux
Fedoraproject
1 product
Fedora
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Moodle
Moodle
From 3.11.0 to 3.11.17
Moodle
From 3.9.0 to 3.9.24
Moodle
From 4.0.0 to 4.0.11
Moodle
From 4.1.0 to 4.1.6
Moodle
From 4.2.0 to 4.2.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 7.0
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 37
Fedora
Version 38
Fedora
Version 39

Related CWEs

CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

Source: patrick@puiterwijk.org
Patch
Source: patrick@puiterwijk.org
Issue Tracking
Source: patrick@puiterwijk.org
Mailing ListPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatch

Timeline

No history available yet.