Description
** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."
Remediation
References
Related Vulnerabilities
OpenSSL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2018-5407)
MySQL CVE-2019-2528 Vulnerability (CVE-2019-2528)
WordPress Plugin Tutor LMS-eLearning and online course solution Security Bypass (2.6.1)
PostgreSQL Improper Certificate Validation Vulnerability (CVE-2021-43766)
WordPress Plugin Genie WP Favicon Cross-Site Request Forgery (0.5.2)