CVE-2023-28332

Source
https://cve.org/CVERecord?id=CVE-2023-28332
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28332.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28332
Aliases
Downstream
Published
2023-03-23T00:00:00Z
Modified
2026-07-08T08:05:28.381896631Z
Summary
Moodle: algebra filter xss when filter is misconfigured
Details

If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "4.1.0"
                },
                {
                    "fixed": "4.1.2"
                },
                {
                    "introduced": "4.0.0"
                },
                {
                    "fixed": "4.0.7"
                },
                {
                    "introduced": "3.11.0"
                },
                {
                    "fixed": "3.11.13"
                },
                {
                    "fixed": "3.9.20"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28332.json",
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "fedora"
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.9.20"
        },
        {
            "fixed": "3.11.13"
        },
        {
            "fixed": "4.0.7"
        },
        {
            "introduced": "3.9.0-NA"
        },
        {
            "last_affected": "3.9.0-NA"
        },
        {
            "introduced": "3.11.0-NA"
        },
        {
            "last_affected": "3.11.0-NA"
        },
        {
            "introduced": "4.0.0-NA"
        },
        {
            "last_affected": "4.0.0-NA"
        },
        {
            "introduced": "4.1.0-NA"
        },
        {
            "last_affected": "4.1.0-NA"
        },
        {
            "introduced": "4.1.1"
        },
        {
            "last_affected": "4.1.1"
        }
    ]
}

Affected versions

3.*
3.11.0-NA
3.9.0-NA
4.*
4.0.0-NA
4.1.0-NA
4.1.1
v3.*
v3.10.0
v3.10.0-beta
v3.10.0-rc1
v3.10.0-rc2
v3.11.0
v3.11.0-beta
v3.11.0-rc1
v3.11.0-rc2
v3.11.1
v3.11.10
v3.11.11
v3.11.12
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.9.0
v3.9.1
v3.9.10
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.19
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9
v4.*
v4.0.0
v4.0.0-beta
v4.0.0-rc1
v4.0.0-rc2
v4.0.0-rc3
v4.0.0-rc4
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28332.json"