CVE-2023-5546
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle
Identifiers
CVE-2023-5546, GHSA-9724-h8p7-r3jv
Package Slug
packagist/moodle/moodle
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Affected Versions
All versions starting from 4.0.0 before 4.0.11, all versions starting from 4.1.0 before 4.1.6, all versions starting from 4.2.0 before 4.2.3
Solution
Upgrade to versions 4.0.11, 4.1.6, 4.2.3 or above.
Last Modified
2023-11-10
| source |