Xss risk when using csv grade import method
CVE-2023-5541

6.1MEDIUM

Key Information:

Vendor

Fedora

Status
moodle
Fedora
Extra Packages for Enterprise Linux 7
Vendor
CVE Published:
9 November 2023

What is CVE-2023-5541?

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

Affected Version(s)

moodle 4.2.3

moodle 4.1.6

moodle 4.0.11

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...
https://bugzilla.redhat.com/show_bug.cgi?id=2243437
issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=451582

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.