CVE-2023-46858: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Moodle 4.3 allows reflected XSS through the searchvalue parameter of /grade/report/grader/index.php when the user is logged in as a teacher. NOTE: the Moodle Security FAQ states “Some forms of rich content [are] used by teachers to enhance their courses … admins and teachers can post XSS-capable content, but students can not.”