CVE-2023-5546 - Vulnerability Details - OpenCVE

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01307.

Key SSVC decision points have not yet been added.

Vendors	Products
Fedoraproject	Fedora
Moodle	Moodle
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

Configuration 2 [-]

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2935	ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
Github GHSA	GHSA-9724-h8p7-r3jv	Moodle Cross-site Scripting vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971
https://bugzilla.redhat.com/show_bug.cgi?id=2243445
https://moodle.org/mod/forum/discuss.php?d=451587

History

No history.

MITRE

Status: PUBLISHED

Assigner: fedora

Published: 2023-11-09T19:34:21.895Z

Updated: 2024-08-02T07:59:44.768Z

Reserved: 2023-10-12T00:26:38.202Z

Link: CVE-2023-5546

Vulnrichment

Updated: 2024-08-02T07:59:44.768Z

NVD

Status : Modified

Published: 2023-11-09T20:15:10.030

Modified: 2024-11-21T08:41:59.060

Link: CVE-2023-5546

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5546", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "state": "PUBLISHED", "assignerShortName": "fedora", "dateReserved": "2023-10-12T00:26:38.202Z", "datePublished": "2023-11-09T19:34:21.895Z", "dateUpdated": "2024-08-02T07:59:44.768Z"}, "containers": {"cna": {"title": "Moodle: stored xss in quiz grading report via user id number", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk."}], "affected": [{"versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.3", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.6", "versionType": "semver"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.11", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445", "name": "RHBZ#2243445", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451587"}], "datePublic": "2023-10-16T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "timeline": [{"lang": "en", "time": "2023-10-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-10-16T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:48:24.427Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T19:14:29.937450Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*"], "vendor": "moodle", "product": "moodle", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.3", "versionType": "custom"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.6", "versionType": "custom"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.11", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:28:29.756Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.768Z"}, "title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445", "name": "RHBZ#2243445", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451587", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445", "name": "RHBZ#2243445", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451587", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.768Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-22T19:14:29.937450Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:moodle:moodle:-:*:*:*:*:*:*:*"], "vendor": "moodle", "product": "moodle", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.3", "versionType": "custom"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.6", "versionType": "custom"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.11", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T19:13:56.521Z"}}], "cna": {"title": "Moodle: stored xss in quiz grading report via user id number", "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.3", "versionType": "semver"}, {"status": "affected", "version": "4.1.0", "lessThan": "4.1.6", "versionType": "semver"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.11", "versionType": "semver"}], "packageName": "moodle", "collectionURL": "https://git.moodle.org", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2023-10-10T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-10-16T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-10-16T00:00:00+00:00", "references": [{"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445", "name": "RHBZ#2243445", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://moodle.org/mod/forum/discuss.php?d=451587"}], "descriptions": [{"lang": "en", "value": "ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2024-04-19T13:48:24.427Z"}, "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}}, "cveMetadata": {"cveId": "CVE-2023-5546", "state": "PUBLISHED", "dateUpdated": "2024-08-02T07:59:44.768Z", "dateReserved": "2023-10-12T00:26:38.202Z", "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "datePublished": "2023-11-09T19:34:21.895Z", "assignerShortName": "fedora"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "4827B277-0EC2-4254-B6DF-F18475A6253C", "versionEndExcluding": "4.0.11", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "E660C47C-2CB3-4B06-B98A-F8EE211F798A", "versionEndExcluding": "4.1.6", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "matchCriteriaId": "C65020B8-B78E-4B59-B894-3F223D769078", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk."}, {"lang": "es", "value": "Los n\u00fameros de identificaci\u00f3n que se muestran en el informe de calificaci\u00f3n del cuestionario requirieron una sanitizaci\u00f3n adicional para evitar un riesgo de XSS almacenado."}], "id": "CVE-2023-5546", "lastModified": "2024-11-21T08:41:59.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-09T20:15:10.030", "references": [{"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971"}, {"source": "patrick@puiterwijk.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445"}, {"source": "patrick@puiterwijk.org", "tags": ["Patch"], "url": "https://moodle.org/mod/forum/discuss.php?d=451587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://moodle.org/mod/forum/discuss.php?d=451587"}], "sourceIdentifier": "patrick@puiterwijk.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "patrick@puiterwijk.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}