{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","type":"composer","namespace":"moodle","name":"moodle","version":"4.3.0-rc2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.3.4","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18775?format=json","vulnerability_id":"VCID-3898-265t-1yd5","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nWiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5544","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38939","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5544"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243443","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243443"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451585","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=451585"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5544","reference_id":"CVE-2023-5544","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5544"},{"reference_url":"https://github.com/advisories/GHSA-j5xf-gv89-g422","reference_id":"GHSA-j5xf-gv89-g422","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j5xf-gv89-g422"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5544","GHSA-j5xf-gv89-g422"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3898-265t-1yd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18783?format=json","vulnerability_id":"VCID-3pgc-yptg-tuaa","summary":"Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nH5P metadata automatically populated the author with the user's username, which could be sensitive information.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5545","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51339","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5545"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243444","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243444"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/100ac7c6467a7de2c05713a0a924984ff1593d53"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451586","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:58:29Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451586"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5545","reference_id":"CVE-2023-5545","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5545"},{"reference_url":"https://github.com/advisories/GHSA-26fg-v32r-h663","reference_id":"GHSA-26fg-v32r-h663","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-26fg-v32r-h663"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5545","GHSA-26fg-v32r-h663"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3pgc-yptg-tuaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18786?format=json","vulnerability_id":"VCID-57pd-ath8-1yf9","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the Lesson activity. By default this was only available to teachers and managers.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79408"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5539","reference_id":"","reference_type":"","scores":[{"value":"0.022","scoring_system":"epss","scoring_elements":"0.847","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5539"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243352","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243352"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/ba974a4add981743b5a37c5bcc4714c62f6052ce"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451580","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-03T18:23:49Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451580"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5539","reference_id":"CVE-2023-5539","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5539"},{"reference_url":"https://github.com/advisories/GHSA-3xxm-3g3c-w579","reference_id":"GHSA-3xxm-3g3c-w579","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3xxm-3g3c-w579"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5539","GHSA-3xxm-3g3c-w579"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57pd-ath8-1yf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18785?format=json","vulnerability_id":"VCID-5v9k-wk4u-uuf9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe course upload preview contained an XSS risk for users uploading unsafe data.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79455"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5547","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33706","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5547"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243447","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243447"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/833e818f022cce8373922afaa0cc6c8726b6b079"},{"reference_url":"https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/ef67f43c67e00c271658e42fc2e9cbe5fc94a87e"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451588","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:25:11Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451588"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5547","reference_id":"CVE-2023-5547","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5547"},{"reference_url":"https://github.com/advisories/GHSA-9gqp-3g28-w9xc","reference_id":"GHSA-9gqp-3g28-w9xc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gqp-3g28-w9xc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5547","GHSA-9gqp-3g28-w9xc"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5v9k-wk4u-uuf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18790?format=json","vulnerability_id":"VCID-9rv1-hn65-dbhe","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nA remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5540","reference_id":"","reference_type":"","scores":[{"value":"0.022","scoring_system":"epss","scoring_elements":"0.847","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5540"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243432","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243432"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/3400ae6510b11202aa9d86f7e75b3dff10d81522"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451581","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-22T20:12:01Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451581"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5540","reference_id":"CVE-2023-5540","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5540"},{"reference_url":"https://github.com/advisories/GHSA-w8x2-w4qr-v3x4","reference_id":"GHSA-w8x2-w4qr-v3x4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8x2-w4qr-v3x4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5540","GHSA-w8x2-w4qr-v3x4"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9rv1-hn65-dbhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18789?format=json","vulnerability_id":"VCID-a8pk-18gr-mubw","summary":"Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nSeparate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:23:28Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79310"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5551","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22185","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5551"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243453","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:23:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243453"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/2bb6c551cf2e7be29857db35388911b8179394b0"},{"reference_url":"https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/6de45d2c9f7dd7b24210ab0310c296366a82986a"},{"reference_url":"https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/b91feb0b2328cdda2561d68b8dfe2a129190bc85"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451592","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:23:28Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451592"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5551","reference_id":"CVE-2023-5551","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5551"},{"reference_url":"https://github.com/advisories/GHSA-jr83-8x65-xcr5","reference_id":"GHSA-jr83-8x65-xcr5","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jr83-8x65-xcr5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5551","GHSA-jr83-8x65-xcr5"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a8pk-18gr-mubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18792?format=json","vulnerability_id":"VCID-bake-gya4-m7ex","summary":"Moodle Improper Access Control vulnerability\nStudents in \"Only see own membership\" groups could see other students in the group, which should be hidden.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79213"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5542","reference_id":"","reference_type":"","scores":[{"value":"0.00268","scoring_system":"epss","scoring_elements":"0.50485","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5542"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243441","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243441"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/b0bb97ee3b481dd85d8f1ed3612f70c9d1939014"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451583","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-21T17:05:11Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451583"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5542","reference_id":"CVE-2023-5542","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5542"},{"reference_url":"https://github.com/advisories/GHSA-8mm2-m2gp-c6x2","reference_id":"GHSA-8mm2-m2gp-c6x2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8mm2-m2gp-c6x2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5542","GHSA-8mm2-m2gp-c6x2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bake-gya4-m7ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18777?format=json","vulnerability_id":"VCID-cpxg-pzcj-73gn","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nThe CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:18:35Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79426"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5541","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33706","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5541"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243437","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:18:35Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243437"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/f5f6ce375e37da902afb043c6b506129fc433233"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451582","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-17T20:18:35Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451582"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5541","reference_id":"CVE-2023-5541","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5541"},{"reference_url":"https://github.com/advisories/GHSA-28gc-4qq5-8q26","reference_id":"GHSA-28gc-4qq5-8q26","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-28gc-4qq5-8q26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5541","GHSA-28gc-4qq5-8q26"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cpxg-pzcj-73gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18781?format=json","vulnerability_id":"VCID-fb4d-p8pw-yka4","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')\nIn a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T19:58:39Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5550","reference_id":"","reference_type":"","scores":[{"value":"0.01474","scoring_system":"epss","scoring_elements":"0.81264","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5550"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243452","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T19:58:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243452"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/77766f9c8af8fc8d861d7ac09ce4e1f6e72faca7"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451591","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-27T19:58:39Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451591"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5550","reference_id":"CVE-2023-5550","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5550"},{"reference_url":"https://github.com/advisories/GHSA-5cvx-cwpx-9rjh","reference_id":"GHSA-5cvx-cwpx-9rjh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cvx-cwpx-9rjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5550","GHSA-5cvx-cwpx-9rjh"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fb4d-p8pw-yka4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18787?format=json","vulnerability_id":"VCID-gqwn-qskg-qbc7","summary":"Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability\nStronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5548","reference_id":"","reference_type":"","scores":[{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51338","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5548"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243449","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243449"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/7679452caff6faa33f00d3f0589c5190bc01a933"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451589","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://moodle.org/mod/forum/discuss.php?d=451589"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5548","reference_id":"CVE-2023-5548","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5548"},{"reference_url":"https://github.com/advisories/GHSA-cwh2-q44x-5w3c","reference_id":"GHSA-cwh2-q44x-5w3c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cwh2-q44x-5w3c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5548","GHSA-cwh2-q44x-5w3c"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqwn-qskg-qbc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18784?format=json","vulnerability_id":"VCID-p9vn-r312-1beg","summary":"Moodle Improper Access Control vulnerability\nInsufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they does not have the capability to manage.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:16:10Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5549","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.49143","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5549"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243451","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:16:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243451"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/5a765e124c950b1e4313c9bf96ea2dd194f65c75"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451590","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-19T18:16:10Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451590"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5549","reference_id":"CVE-2023-5549","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5549"},{"reference_url":"https://github.com/advisories/GHSA-fm5h-58g2-4m3f","reference_id":"GHSA-fm5h-58g2-4m3f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fm5h-58g2-4m3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66472?format=json","purl":"pkg:composer/moodle/moodle@3.9.24","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.24"},{"url":"http://public2.vulnerablecode.io/api/packages/66473?format=json","purl":"pkg:composer/moodle/moodle@3.11.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.17"},{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5549","GHSA-fm5h-58g2-4m3f"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9vn-r312-1beg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18780?format=json","vulnerability_id":"VCID-qmcu-uyur-r7bg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/"}],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5546","reference_id":"","reference_type":"","scores":[{"value":"0.02379","scoring_system":"epss","scoring_elements":"0.8525","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-5546"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243445","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2243445"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moodle/moodle/commit/aa8ab48521fe4a57c3ec923e6e82a5ac1202e9de"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=451587","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T19:14:29Z/"}],"url":"https://moodle.org/mod/forum/discuss.php?d=451587"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5546","reference_id":"CVE-2023-5546","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-5546"},{"reference_url":"https://github.com/advisories/GHSA-9724-h8p7-r3jv","reference_id":"GHSA-9724-h8p7-r3jv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9724-h8p7-r3jv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66474?format=json","purl":"pkg:composer/moodle/moodle@4.0.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.11"},{"url":"http://public2.vulnerablecode.io/api/packages/66475?format=json","purl":"pkg:composer/moodle/moodle@4.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/66476?format=json","purl":"pkg:composer/moodle/moodle@4.2.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.3"},{"url":"http://public2.vulnerablecode.io/api/packages/66483?format=json","purl":"pkg:composer/moodle/moodle@4.3.0-rc2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}],"aliases":["CVE-2023-5546","GHSA-9724-h8p7-r3jv"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmcu-uyur-r7bg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.3.0-rc2"}