Description

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Remediation

References

CVE-2023-35131

Related Vulnerabilities

WeBid Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000882)

Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery SQL Injection (1.3.50)

WordPress Plugin Daily Inspiration Generator Open Redirect (2.0)

MediaWiki Other Vulnerability (CVE-2005-3165)

Severity

Medium

Classification

CVE-2023-35131 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities