Vulnerability Bulletins

MSA-23-0001: Reflected XSS risk in some returnurl parameters

System information

Affected software PHP


by Michael Hawkins.

Some returnurl parameters required additional sanitizing to prevent a reflected XSS risk.

Severity/Risk: Serious
Versions affected: 4.1, 4.0 to 4.0.5, 3.11 to 3.11.11, 3.9 to 3.9.18 and earlier unsupported versions
Versions fixed: 4.1.1, 4.0.6, 3.11.12 and 3.9.19
Reported by: DegrangeM
CVE identifier: CVE-2023-23921
Changes (master): issue:MDL-76810 Reflected XSS risk in some returnurl

More info:

Standard resources

Property Value
CVE CVE-2023-23921.

Version history

Version Comments Date
1.0 Advisory issued 2023-01-29
Ministerio de Defensa