Описание
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-28332
- https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624
- https://bugzilla.redhat.com/show_bug.cgi?id=2179419
- https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
- https://moodle.org/mod/forum/discuss.php?d=445064
Пакеты
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.1.0, < 4.1.2
4.1.2
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 4.0.0, < 4.0.7
4.0.7
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
>= 3.11.0, < 3.11.13
3.11.13
Наименование
moodle/moodle
composer
Затронутые версииВерсия исправления
< 3.9.20
3.9.20
Связанные уязвимости
CVSS3: 6.1
ubuntu
около 2 лет назад
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
CVSS3: 6.1
nvd
около 2 лет назад
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
CVSS3: 6.1
debian
около 2 лет назад
If the algebra filter was enabled but not functional (eg the necessary ...