Bug 2243447 (CVE-2023-5547, MSA-23-0039) - CVE-2023-5547 moodle: XSS risk when previewing data in course upload tool
Summary: CVE-2023-5547 moodle: XSS risk when previewing data in course upload tool
Keywords:
Status: NEW
Alias: CVE-2023-5547, MSA-23-0039
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2244915 2244916
Blocks: 2243346
TreeView+ depends on / blocked
 
Reported: 2023-10-12 00:31 UTC by Robb Gatica
Modified: 2023-10-26 06:46 UTC (History)
2 users (show)

Fixed In Version: moodle 4.2.3, moodle 4.1.6, moodle 4.0.11, moodle 3.11.17, moodle 3.9.24
Doc Type: If docs needed, set a value
Doc Text:
The course upload preview contained an XSS risk for users uploading unsafe data.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Robb Gatica 2023-10-12 00:31:02 UTC 
The course upload preview contained an XSS risk for users uploading unsafe data. This flaw affects versions 4.2 to 4.2.2, 4.1 to 4.1.5, 4.0 to 4.0.10, 3.11 to 3.11.16, 3.9 to 3.9.23 and earlier unsupported versions.
Comment 2 Nick Tait 2023-10-18 18:51:43 UTC 
https://moodle.org/mod/forum/discuss.php?d=451588
Comment 3 Nick Tait 2023-10-18 20:46:46 UTC 
Created moodle tracking bugs for this issue:

Affects: epel-7 [bug 2244915]
Affects: fedora-all [bug 2244916]
Note You need to log in before you can comment on or make changes to this bug.