Vulnerability Bulletins

MSA-23-0033: XSS risk when using CSV grade import method

System information

Affected software PHP


por Michael Hawkins. The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.Severity/Risk:MinorVersions affected:4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versionsVersions fixed:4.2.3, 4.1.6, 4.0.11, 3.11.17 and 3.9.24Reported by:Attilio FerrariWorkaround:Verify the contents and trustworthiness of grade spreadsheets before importing them.CVE identifier:CVE-2023-5541Changes

More info:

Standar resources

Property Value
CVE CVE-2023-5541.

Version history

Version Comments Date
Ministerio de Defensa