CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-5544 – Moodle: stored xss and potential idor risk in wiki comments
https://notcve.org/view.php?id=CVE-2023-5544
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. Los comentarios de Wiki requirieron restricciones de acceso y sanitización adicionales para evitar un riesgo XSS almacenado y un riesgo potencial de IDOR. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509 https://bugzilla.redhat.com/show_bug.cgi?id=2243443 https://moodle.org/mod/forum/discuss.php?d=451585 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5542 – Moodle: students can view other users in "only see own membership" groups
https://notcve.org/view.php?id=CVE-2023-5542
Students in "Only see own membership" groups could see other students in the group, which should be hidden. Los estudiantes en los grupos "Ver solo su propia membresía" podrían ver a otros estudiantes en el grupo, que deberían estar ocultos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213 https://bugzilla.redhat.com/show_bug.cgi?id=2243441 https://moodle.org/mod/forum/discuss.php?d=451583 • CWE-284: Improper Access Control CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-5541 – Moodle: xss risk when using csv grade import method
https://notcve.org/view.php?id=CVE-2023-5541
The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. El método de importación de calificaciones CSV contenía un riesgo XSS para los usuarios que importaban la hoja de cálculo, si contenía contenido no seguro. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426 https://bugzilla.redhat.com/show_bug.cgi?id=2243437 https://moodle.org/mod/forum/discuss.php?d=451582 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5540 – Moodle: authenticated remote code execution risk in imscp
https://notcve.org/view.php?id=CVE-2023-5540
A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad IMSCP. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409 https://bugzilla.redhat.com/show_bug.cgi?id=2243432 https://moodle.org/mod/forum/discuss.php?d=451581 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-5539 – Moodle: authenticated remote code execution risk in lesson
https://notcve.org/view.php?id=CVE-2023-5539
A remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers. Se identificó un riesgo de ejecución remota de código en la actividad Lesson. Por defecto, esto sólo estaba disponible para profesores y directivos. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408 https://bugzilla.redhat.com/show_bug.cgi?id=2243352 https://moodle.org/mod/forum/discuss.php?d=451580 • CWE-94: Improper Control of Generation of Code ('Code Injection') •