VulnerableCode Package Details - pkg:composer/moodle/moodle@4.0.6

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-91z3-7wza-c7gs	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.	CVE-2023-23921 GHSA-97qf-pq7x-964m
VCID-bvne-5ym9-byaz	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.	CVE-2023-23922 GHSA-grmj-gpwm-98ww
VCID-zhhy-m421-nffk	Improper Access Control The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.	CVE-2023-23923 GHSA-32jc-9p58-p82x

Vulnerability

Summary

Aliases

VCID-91z3-7wza-c7gs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

CVE-2023-23921
GHSA-97qf-pq7x-964m

VCID-bvne-5ym9-byaz

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

CVE-2023-23922
GHSA-grmj-gpwm-98ww

VCID-zhhy-m421-nffk

Improper Access Control The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

CVE-2023-23923
GHSA-32jc-9p58-p82x

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T11:06:38.459102+00:00	GithubOSV Importer	Fixing	VCID-zhhy-m421-nffk	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-32jc-9p58-p82x/GHSA-32jc-9p58-p82x.json	38.6.0
2026-05-31T11:06:30.642924+00:00	GithubOSV Importer	Fixing	VCID-bvne-5ym9-byaz	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-grmj-gpwm-98ww/GHSA-grmj-gpwm-98ww.json	38.6.0
2026-05-31T11:06:24.687376+00:00	GithubOSV Importer	Fixing	VCID-91z3-7wza-c7gs	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-97qf-pq7x-964m/GHSA-97qf-pq7x-964m.json	38.6.0
2026-05-30T20:59:48.313434+00:00	GitLab Importer	Fixing	VCID-zhhy-m421-nffk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-23923.yml	38.6.0
2026-05-30T20:59:48.206074+00:00	GitLab Importer	Fixing	VCID-bvne-5ym9-byaz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-23922.yml	38.6.0
2026-05-30T20:59:48.088139+00:00	GitLab Importer	Fixing	VCID-91z3-7wza-c7gs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-23921.yml	38.6.0