CVE-2023-46858

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle

Identifiers

CVE-2023-46858

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

Affected Versions

Version 4.3.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-11-08

source