Stored xss and potential idor risk in wiki comments
CVE-2023-5544

5.4MEDIUM

Key Information:

Vendor

Fedora

Status
moodle
Fedora
Extra Packages for Enterprise Linux 7
Vendor
CVE Published:
9 November 2023

What is CVE-2023-5544?

Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.

Affected Version(s)

moodle 4.2.3

moodle 4.1.6

moodle 4.0.11

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...
https://bugzilla.redhat.com/show_bug.cgi?id=2243443
issue-trackingx_refsource_REDHAT
https://moodle.org/mod/forum/discuss.php?d=451585

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.