Vulnerability Description
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moodle | Moodle | < 3.9.20 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2179419
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://moodle.org/mod/forum/discuss.php?d=445064Issue TrackingPatchVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2179419
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://moodle.org/mod/forum/discuss.php?d=445064Issue TrackingPatchVendor Advisory
FAQ
What is CVE-2023-28332?
CVE-2023-28332 is a vulnerability with a CVSS score of 6.1 (MEDIUM). If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
How severe is CVE-2023-28332?
CVE-2023-28332 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-28332?
Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle.