Description

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Remediation

References

CVE-2023-35131

Related Vulnerabilities

WordPress Plugin Easy Team Manager SQL Injection (1.3.2)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-4408)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0324)

WordPress Plugin AceIDE Local File Inclusion (2.6.2)

WordPress Plugin Stetic Cross-Site Request Forgery (1.0.6)

Severity

Medium

Classification

CVE-2023-35131 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities