CVE-2023-35131

Source
https://cve.org/CVERecord?id=CVE-2023-35131
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35131.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-35131
Aliases
Downstream
Published
2023-06-22T00:00:00Z
Modified
2026-07-15T02:08:45.771230573Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Moodle: xss risk on groups page
Details

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/35xxx/CVE-2023-35131.json",
    "cna_assigner": "fedora",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "4.2.0"
                },
                {
                    "fixed": "4.2.1"
                },
                {
                    "introduced": "4.1.0"
                },
                {
                    "fixed": "4.1.4"
                },
                {
                    "introduced": "4.0.0"
                },
                {
                    "fixed": "4.0.9"
                },
                {
                    "introduced": "3.11.0"
                },
                {
                    "fixed": "3.11.15"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.2.0:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "3.11.0"
        },
        {
            "fixed": "3.11.15"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.9"
        },
        {
            "introduced": "4.1.0"
        },
        {
            "fixed": "4.1.4"
        },
        {
            "introduced": "4.2.0"
        },
        {
            "last_affected": "4.2.0"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

4.*
4.2.0
v3.*
v3.11.0
v3.11.1
v3.11.10
v3.11.11
v3.11.12
v3.11.13
v3.11.14
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.0.7
v4.0.8
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35131.json"