VulnerableCode Package Details - pkg:composer/moodle/moodle@4.1.1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-91z3-7wza-c7gs	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.	CVE-2023-23921
VCID-bvne-5ym9-byaz	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.	CVE-2023-23922
VCID-zhhy-m421-nffk	Improper Access Control The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.	CVE-2023-23923

Vulnerability

Summary

Aliases

VCID-91z3-7wza-c7gs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

CVE-2023-23921

VCID-bvne-5ym9-byaz

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.

CVE-2023-23922

VCID-zhhy-m421-nffk

Improper Access Control The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

CVE-2023-23923

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T20:59:48.317401+00:00	GitLab Importer	Fixing	VCID-zhhy-m421-nffk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-23923.yml	38.6.0
2026-05-30T20:59:48.210050+00:00	GitLab Importer	Fixing	VCID-bvne-5ym9-byaz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-23922.yml	38.6.0
2026-05-30T20:59:48.093414+00:00	GitLab Importer	Fixing	VCID-91z3-7wza-c7gs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2023-23921.yml	38.6.0