Vulnerability Bulletins

MSA-23-0002: Reflected XSS risk in blog search


System information

   
Affected software PHP

Description

by Michael Hawkins. Blog search required additional sanitizing to prevent a reflected XSS risk. Severity/Risk: Serious Versions affected: 4.1 and 4.0 to 4.0.5 Versions fixed: 4.1.1, 4.0.6 Reported by: Unknown (name not provided) CVE identifier: CVE-2023-23922 Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861 Tracker issue: MDL-76861 Reflected XSS risk in blog search

More info:

https://moodle.org/mod/forum/discuss.php?d=443273&parent=1782022

Standar resources

Property Value
CVE CVE-2023-23922.

Version history

Version Comments Date
1.0 Advisory issued 2023-02-03
Ministerio de Defensa
CNI
CCN
CCN-CERT