CVE-2023-28332

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle

Identifiers

CVE-2023-28332, GHSA-9f45-9qrw-pp4v

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.

Affected Versions

All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2

Solution

Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.

Last Modified

2023-03-24

source