Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/66483?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "4.3.0-rc2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "4.3.4", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18775?format=api", "vulnerability_id": "VCID-3898-265t-1yd5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nWiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5544", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38939", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5544" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243443", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243443" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451585", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451585" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5544", "reference_id": "CVE-2023-5544", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5544" }, { "reference_url": "https://github.com/advisories/GHSA-j5xf-gv89-g422", "reference_id": "GHSA-j5xf-gv89-g422", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j5xf-gv89-g422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5544", "GHSA-j5xf-gv89-g422" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3898-265t-1yd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18783?format=api", "vulnerability_id": "VCID-3pgc-yptg-tuaa", "summary": "Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nH5P metadata automatically populated the author with the user's username, which could be sensitive information.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51339", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5545" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243444", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243444" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451586", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451586" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5545", "reference_id": "CVE-2023-5545", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5545" }, { "reference_url": "https://github.com/advisories/GHSA-26fg-v32r-h663", "reference_id": "GHSA-26fg-v32r-h663", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-26fg-v32r-h663" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5545", "GHSA-26fg-v32r-h663" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3pgc-yptg-tuaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18786?format=api", "vulnerability_id": "VCID-57pd-ath8-1yf9", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5539", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.022", "scoring_system": "epss", "scoring_elements": "0.847", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5539" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243352", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243352" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451580", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451580" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5539", "reference_id": "CVE-2023-5539", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5539" }, { "reference_url": "https://github.com/advisories/GHSA-3xxm-3g3c-w579", "reference_id": "GHSA-3xxm-3g3c-w579", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3xxm-3g3c-w579" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5539", "GHSA-3xxm-3g3c-w579" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57pd-ath8-1yf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18785?format=api", "vulnerability_id": "VCID-5v9k-wk4u-uuf9", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe course upload preview contained an XSS risk for users uploading unsafe data.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5547", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33706", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5547" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243447", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243447" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079" }, { "reference_url": "https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451588", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451588" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5547", "reference_id": "CVE-2023-5547", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5547" }, { "reference_url": "https://github.com/advisories/GHSA-9gqp-3g28-w9xc", "reference_id": "GHSA-9gqp-3g28-w9xc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9gqp-3g28-w9xc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5547", "GHSA-9gqp-3g28-w9xc" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5v9k-wk4u-uuf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18790?format=api", "vulnerability_id": "VCID-9rv1-hn65-dbhe", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5540", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.022", "scoring_system": "epss", "scoring_elements": "0.847", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5540" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243432", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243432" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451581", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451581" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5540", "reference_id": "CVE-2023-5540", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5540" }, { "reference_url": "https://github.com/advisories/GHSA-w8x2-w4qr-v3x4", "reference_id": "GHSA-w8x2-w4qr-v3x4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w8x2-w4qr-v3x4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5540", "GHSA-w8x2-w4qr-v3x4" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9rv1-hn65-dbhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18789?format=api", "vulnerability_id": "VCID-a8pk-18gr-mubw", "summary": "Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nSeparate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:23:28Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5551", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22185", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5551" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:23:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243453" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0" }, { "reference_url": "https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a" }, { "reference_url": "https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451592", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:23:28Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451592" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5551", "reference_id": "CVE-2023-5551", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5551" }, { "reference_url": "https://github.com/advisories/GHSA-jr83-8x65-xcr5", "reference_id": "GHSA-jr83-8x65-xcr5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jr83-8x65-xcr5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5551", "GHSA-jr83-8x65-xcr5" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8pk-18gr-mubw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18792?format=api", "vulnerability_id": "VCID-bake-gya4-m7ex", "summary": "Moodle Improper Access Control vulnerability\nStudents in \"Only see own membership\" groups could see other students in the group, which should be hidden.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5542", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50485", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5542" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243441", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243441" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451583", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451583" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5542", "reference_id": "CVE-2023-5542", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5542" }, { "reference_url": "https://github.com/advisories/GHSA-8mm2-m2gp-c6x2", "reference_id": "GHSA-8mm2-m2gp-c6x2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8mm2-m2gp-c6x2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5542", "GHSA-8mm2-m2gp-c6x2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bake-gya4-m7ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18777?format=api", "vulnerability_id": "VCID-cpxg-pzcj-73gn", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:18:35Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33706", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5541" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243437", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:18:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243437" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451582", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:18:35Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451582" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5541", "reference_id": "CVE-2023-5541", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5541" }, { "reference_url": "https://github.com/advisories/GHSA-28gc-4qq5-8q26", "reference_id": "GHSA-28gc-4qq5-8q26", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-28gc-4qq5-8q26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5541", "GHSA-28gc-4qq5-8q26" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cpxg-pzcj-73gn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18781?format=api", "vulnerability_id": "VCID-fb4d-p8pw-yka4", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nIn a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T19:58:39Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01474", "scoring_system": "epss", "scoring_elements": "0.81264", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5550" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243452", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T19:58:39Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243452" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451591", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T19:58:39Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451591" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5550", "reference_id": "CVE-2023-5550", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5550" }, { "reference_url": "https://github.com/advisories/GHSA-5cvx-cwpx-9rjh", "reference_id": "GHSA-5cvx-cwpx-9rjh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5cvx-cwpx-9rjh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5550", "GHSA-5cvx-cwpx-9rjh" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fb4d-p8pw-yka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18787?format=api", "vulnerability_id": "VCID-gqwn-qskg-qbc7", "summary": "Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability\nStronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5548", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00277", "scoring_system": "epss", "scoring_elements": "0.51338", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5548" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243449", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243449" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451589", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451589" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5548", "reference_id": "CVE-2023-5548", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5548" }, { "reference_url": "https://github.com/advisories/GHSA-cwh2-q44x-5w3c", "reference_id": "GHSA-cwh2-q44x-5w3c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cwh2-q44x-5w3c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5548", "GHSA-cwh2-q44x-5w3c" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqwn-qskg-qbc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18784?format=api", "vulnerability_id": "VCID-p9vn-r312-1beg", "summary": "Moodle Improper Access Control vulnerability\nInsufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they does not have the capability to manage.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:16:10Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5549", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00256", "scoring_system": "epss", "scoring_elements": "0.49143", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5549" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243451", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:16:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243451" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451590", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:16:10Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451590" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5549", "reference_id": "CVE-2023-5549", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5549" }, { "reference_url": "https://github.com/advisories/GHSA-fm5h-58g2-4m3f", "reference_id": "GHSA-fm5h-58g2-4m3f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fm5h-58g2-4m3f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66472?format=api", "purl": "pkg:composer/moodle/moodle@3.9.24", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24" }, { "url": "http://public2.vulnerablecode.io/api/packages/66473?format=api", "purl": "pkg:composer/moodle/moodle@3.11.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5549", "GHSA-fm5h-58g2-4m3f" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p9vn-r312-1beg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18780?format=api", "vulnerability_id": "VCID-qmcu-uyur-r7bg", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/" } ], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02379", "scoring_system": "epss", "scoring_elements": "0.8525", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5546" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243445" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=451587", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" }, { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=451587" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5546", "reference_id": "CVE-2023-5546", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5546" }, { "reference_url": "https://github.com/advisories/GHSA-9724-h8p7-r3jv", "reference_id": "GHSA-9724-h8p7-r3jv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9724-h8p7-r3jv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66474?format=api", "purl": "pkg:composer/moodle/moodle@4.0.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/66475?format=api", "purl": "pkg:composer/moodle/moodle@4.1.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/66476?format=api", "purl": "pkg:composer/moodle/moodle@4.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/66483?format=api", "purl": "pkg:composer/moodle/moodle@4.3.0-rc2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" } ], "aliases": [ "CVE-2023-5546", "GHSA-9724-h8p7-r3jv" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmcu-uyur-r7bg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2" }