Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-46858 - Vulnerability Database

Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-46858

Medium
Reference: CVE-2023-46858
Title: Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

DISPUTED Moodle 4.3 allows /grade/report/grader/index.phpsearchvalue reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states quotSome forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content but students can not.quot