Description

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Remediation

References

CVE-2023-35131

Related Vulnerabilities

Oracle Database Server CVE-2007-0271 Vulnerability (CVE-2007-0271)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)

Jboss EAP Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2022-0853)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.2.100)

Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-16845)

Severity

Medium

Classification

CVE-2023-35131 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities