Reflected XSS Vulnerability in Moodle by Moodle
CVE-2023-46858
5.4MEDIUM
Summary
Moodle version 4.3 introduces a vulnerability that allows reflected cross-site scripting (XSS) through the /grade/report/grader/index.php endpoint when users are logged in as teachers. This vulnerability arises when teachers utilize forms of rich content to enhance their courses, potentially leading to exploitation if malicious content is submitted. Importantly, while admin and teacher accounts can be compromised, student accounts are safeguarded from posting such content. Addressing this vulnerability is crucial to maintaining the integrity and security of Moodle's educational platforms.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved