Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5547)

Description

The course upload preview contained an XSS risk for users uploading unsafe data.

Remediation

References

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-36023)

WordPress Plugin Ivory Search-WordPress Search Cross-Site Scripting (4.7.1)

WordPress Improper Authentication Vulnerability (CVE-2014-0166)

Zope Web Application Server Other Vulnerability (CVE-2000-1212)

Oracle Application Server CVE-2004-1368 Vulnerability (CVE-2004-1368)

Severity

Medium

Classification

CVE-2023-5547 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities