Description

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Remediation

References

CVE-2023-35131

Related Vulnerabilities

WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.3.7)

WordPress Plugin Zoho CRM Lead Magnet Cross-Site Scripting (1.7.2.8)

Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-30253)

WordPress Plugin WP Content Copy Protection & No Right Click Cross-Site Request Forgery (3.1.5)

WordPress Plugin WP Simple Cart Arbitrary File Upload (1.0.15)

Severity

Medium

Classification

CVE-2023-35131 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities