Boletines de Vulnerabilidades

MSA-23-0038: Stored XSS in quiz grading report via user ID number


Información sobre el sistema

   
Software afectado PHP

Descripción

by Michael Hawkins. ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.Severity/Risk:MinorVersions affected:4.2 to 4.2.2, 4.1 to 4.1.5 and 4.0 to 4.0.10Versions fixed:4.2.3, 4.1.6 and 4.0.11Reported by:Paul HoldenCVE identifier:CVE-2023-5546Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971Tracker issue:MDL-78971 Stored XSS in quiz grading report via user ID number

More info:

https://moodle.org/mod/forum/discuss.php?d=451587&parent=1814895

Identificadores estándar

Propiedad Valor
CVE CVE-2023-5546.

Histórico de versiones

Versión Comentario Data
Ministerio de Defensa
CNI
CCN
CCN-CERT