CVE-2023-23921

CVSS V2: None
CVSS V3: None
Description
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
Overview
  • CVE ID: CVE-2023-23921
  • Assigner: patrick@puiterwijk.org
  • Vulnerability Status: Analyzed
  • Published Version: 2023-02-17T20:15:11
  • Last Modified Date: 2023-02-28T19:07:06
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | 1 | OR | 3.9.0 | 3.9.19
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | 1 | OR | 3.11.0 | 3.11.12
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | 1 | OR | 4.0.0 | 4.0.6
cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:* | 1 | OR | |
History
Created Old Value New Value Data Type Notes
2023-04-17 07:57:14 Added to TrackCVE
2023-04-17 07:57:16 Weakness Enumeration new