Description

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Remediation

References

CVE-2023-35131

Related Vulnerabilities

WebLogic CVE-2023-22040 Vulnerability (CVE-2023-22040)

WordPress Plugin Redirection Cross-Site Request Forgery (1.1.4)

Apache Tomcat Resource Management Errors Vulnerability (CVE-2012-4534)

Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32644)

PHP Other Vulnerability (CVE-2007-2369)

Severity

Medium

Classification

CVE-2023-35131 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities