CVE-2023-5547

Published: Nov 9, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The course upload preview contained an XSS risk for users uploading unsafe data.

Affected (9)

Products: Moodle: Moodle · Redhat: Enterprise Linux · Fedoraproject: Fedora

1 product

1 product

Enterprise Linux

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Moodle Moodle	From 3.11.0 to 3.11.17
Moodle Moodle	From 3.9.0 to 3.9.24
Moodle Moodle	From 4.0.0 to 4.0.11
Moodle Moodle	From 4.1.0 to 4.1.6
Moodle Moodle	From 4.2.0 to 4.2.3

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38
Fedoraproject Fedora	Version 39

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455

Source: patrick@puiterwijk.org

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2243447

Source: patrick@puiterwijk.org

Issue Tracking

https://moodle.org/mod/forum/discuss.php?d=451588

Source: patrick@puiterwijk.org

Patch

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=2243447

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://moodle.org/mod/forum/discuss.php?d=451588

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.