CVE-2023-46858

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 29, 2023

Updated: Aug 2, 2024

CWE ID 79

Summary

CVE-2023-46858 is a reflection XSS vulnerability affecting Moodle 4.3. This issue arises in the /grade/report/grader/index.php page when a teacher is logged in. Attackers can exploit this vulnerability by injecting malicious code through a specific input field, potentially gaining unauthorized access or executing malicious scripts. Notably, while students cannot directly post XSS-capable content, teachers and administrators can, increasing the risk to the entire learning platform.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Moodle

Affected Vendors

Moodle HQ

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tL1SLj
https://www.cve.org/CVERecord?id=CVE-2023-46858
https://nvd.nist.gov/vuln/detail/CVE-2023-46858

Back to Vulnerability Database