Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46858.json",
"isDisputed": true,
"cna_assigner": "mitre"
}