Vulnerability Bulletins

MSA-23-0002: Reflected XSS risk in blog search

System information

Affected software PHP


by Michael Hawkins. Blog search required additional sanitizing to prevent a reflected XSS risk. Severity/Risk: Serious Versions affected: 4.1 and 4.0 to 4.0.5 Versions fixed: 4.1.1, 4.0.6 Reported by: Unknown (name not provided) CVE identifier: CVE-2023-23922 Changes (master): Tracker issue: MDL-76861 Reflected XSS risk in blog search

More info:

Standar resources

Property Value
CVE CVE-2023-23922.

Version history

Version Comments Date
1.0 Advisory issued 2023-02-03
Ministerio de Defensa