Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-91z3-7wza-c7gs
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
Aliases
0
alias CVE-2023-23921
1
alias GHSA-97qf-pq7x-964m
Fixed_packages
0
url pkg:composer/moodle/moodle@3.9.19
purl pkg:composer/moodle/moodle@3.9.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.19
1
url pkg:composer/moodle/moodle@3.11.12
purl pkg:composer/moodle/moodle@3.11.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.12
2
url pkg:composer/moodle/moodle@4.0.6
purl pkg:composer/moodle/moodle@4.0.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.6
3
url pkg:composer/moodle/moodle@4.1.1
purl pkg:composer/moodle/moodle@4.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.1
Affected_packages
0
url pkg:composer/moodle/moodle@3.9.0
purl pkg:composer/moodle/moodle@3.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-17vy-726y-u7fz
1
vulnerability VCID-1wmh-jwh7-2fcw
2
vulnerability VCID-2et6-3ejg-27b8
3
vulnerability VCID-2znf-gepe-hbed
4
vulnerability VCID-3898-265t-1yd5
5
vulnerability VCID-4c27-utgj-47e9
6
vulnerability VCID-4s7h-83dq-aua7
7
vulnerability VCID-529p-ynkh-jfeg
8
vulnerability VCID-5hq2-2rn1-73g7
9
vulnerability VCID-5v9k-wk4u-uuf9
10
vulnerability VCID-634y-94qn-huhz
11
vulnerability VCID-68h6-fzmy-qqce
12
vulnerability VCID-6x4n-my8x-sbfg
13
vulnerability VCID-86zg-df5e-33gn
14
vulnerability VCID-8vb6-115w-hyfc
15
vulnerability VCID-8xgp-3nds-d7dm
16
vulnerability VCID-91z3-7wza-c7gs
17
vulnerability VCID-a8ct-r1tq-tfdr
18
vulnerability VCID-a8sa-7ed7-wbby
19
vulnerability VCID-ajnx-w4at-7fgp
20
vulnerability VCID-c5dg-exke-hfg6
21
vulnerability VCID-cf2z-a3h4-jkhf
22
vulnerability VCID-cpxg-pzcj-73gn
23
vulnerability VCID-cr63-89au-4be2
24
vulnerability VCID-dhu5-3tda-2qfx
25
vulnerability VCID-e52k-bb2k-tbgh
26
vulnerability VCID-eq8q-vrca-xbdb
27
vulnerability VCID-eweg-zt1g-uyak
28
vulnerability VCID-ex6v-wa1m-j7f6
29
vulnerability VCID-exk5-1mmz-7kep
30
vulnerability VCID-f1na-71hq-w7c3
31
vulnerability VCID-fj1x-be1c-h3c4
32
vulnerability VCID-fvkk-381y-1kcb
33
vulnerability VCID-gcfy-vcgn-5uc7
34
vulnerability VCID-gu1a-396c-7bgp
35
vulnerability VCID-gxc1-npsq-b7ed
36
vulnerability VCID-j8n5-7feg-8bbp
37
vulnerability VCID-ktfp-pk4e-2fa7
38
vulnerability VCID-m21y-dkas-wyc8
39
vulnerability VCID-mk9g-47tz-tfcv
40
vulnerability VCID-mkuq-tdbg-t3ce
41
vulnerability VCID-p8kp-q9s2-w3dq
42
vulnerability VCID-pfk9-w5ge-4uhh
43
vulnerability VCID-pfv8-kvcb-5udc
44
vulnerability VCID-pxvb-vwj1-ukc3
45
vulnerability VCID-rb6y-r3se-jya9
46
vulnerability VCID-s3wm-bype-73bh
47
vulnerability VCID-svds-tck8-rqce
48
vulnerability VCID-sxen-ree9-kbfr
49
vulnerability VCID-t5d1-h6c9-6kex
50
vulnerability VCID-u5tg-a91q-ckf3
51
vulnerability VCID-urh4-9kzr-93c3
52
vulnerability VCID-vgwe-53vc-m7gn
53
vulnerability VCID-wc31-v1d5-jydh
54
vulnerability VCID-wk9h-bhj5-zua8
55
vulnerability VCID-wzxa-tm3r-tkc1
56
vulnerability VCID-y1m2-7ua9-47fm
57
vulnerability VCID-yyb2-961k-qyet
58
vulnerability VCID-zhhy-m421-nffk
59
vulnerability VCID-zn3y-sq7h-83h9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.0
1
url pkg:composer/moodle/moodle@3.10.0
purl pkg:composer/moodle/moodle@3.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wmh-jwh7-2fcw
1
vulnerability VCID-2et6-3ejg-27b8
2
vulnerability VCID-2znf-gepe-hbed
3
vulnerability VCID-4c27-utgj-47e9
4
vulnerability VCID-4k5r-agwn-ruea
5
vulnerability VCID-4s7h-83dq-aua7
6
vulnerability VCID-634y-94qn-huhz
7
vulnerability VCID-6x4n-my8x-sbfg
8
vulnerability VCID-8xgp-3nds-d7dm
9
vulnerability VCID-91z3-7wza-c7gs
10
vulnerability VCID-a23e-gfs9-vyhk
11
vulnerability VCID-a7n4-f1nk-vqec
12
vulnerability VCID-a8pk-18gr-mubw
13
vulnerability VCID-a8sa-7ed7-wbby
14
vulnerability VCID-ajnx-w4at-7fgp
15
vulnerability VCID-c5dg-exke-hfg6
16
vulnerability VCID-cf2z-a3h4-jkhf
17
vulnerability VCID-dhu5-3tda-2qfx
18
vulnerability VCID-e52k-bb2k-tbgh
19
vulnerability VCID-eq8q-vrca-xbdb
20
vulnerability VCID-ex6v-wa1m-j7f6
21
vulnerability VCID-exk5-1mmz-7kep
22
vulnerability VCID-fb4d-p8pw-yka4
23
vulnerability VCID-fj1x-be1c-h3c4
24
vulnerability VCID-fvkk-381y-1kcb
25
vulnerability VCID-gcfy-vcgn-5uc7
26
vulnerability VCID-gj75-c27j-ekbu
27
vulnerability VCID-gxc1-npsq-b7ed
28
vulnerability VCID-j8n5-7feg-8bbp
29
vulnerability VCID-jc4y-cpn8-6kgs
30
vulnerability VCID-k253-m5ud-8bgc
31
vulnerability VCID-mkuq-tdbg-t3ce
32
vulnerability VCID-p8kp-q9s2-w3dq
33
vulnerability VCID-svds-tck8-rqce
34
vulnerability VCID-t5d1-h6c9-6kex
35
vulnerability VCID-vgwe-53vc-m7gn
36
vulnerability VCID-wc31-v1d5-jydh
37
vulnerability VCID-yyb2-961k-qyet
38
vulnerability VCID-zhhy-m421-nffk
39
vulnerability VCID-zn3y-sq7h-83h9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.0
2
url pkg:composer/moodle/moodle@3.11.0
purl pkg:composer/moodle/moodle@3.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-25et-htwq-hkgj
2
vulnerability VCID-2ymd-b1p7-dygz
3
vulnerability VCID-2znf-gepe-hbed
4
vulnerability VCID-3898-265t-1yd5
5
vulnerability VCID-3pgc-yptg-tuaa
6
vulnerability VCID-4bfr-preb-afas
7
vulnerability VCID-4c27-utgj-47e9
8
vulnerability VCID-4k5r-agwn-ruea
9
vulnerability VCID-529p-ynkh-jfeg
10
vulnerability VCID-57pd-ath8-1yf9
11
vulnerability VCID-5gh4-58jt-dfet
12
vulnerability VCID-5hq2-2rn1-73g7
13
vulnerability VCID-5v9k-wk4u-uuf9
14
vulnerability VCID-634y-94qn-huhz
15
vulnerability VCID-86zg-df5e-33gn
16
vulnerability VCID-8vb6-115w-hyfc
17
vulnerability VCID-91z3-7wza-c7gs
18
vulnerability VCID-97gg-fuah-jqcq
19
vulnerability VCID-9rv1-hn65-dbhe
20
vulnerability VCID-a195-b6wc-xkbv
21
vulnerability VCID-a8pk-18gr-mubw
22
vulnerability VCID-affq-4sqk-p7ad
23
vulnerability VCID-cf2z-a3h4-jkhf
24
vulnerability VCID-cpxg-pzcj-73gn
25
vulnerability VCID-cr63-89au-4be2
26
vulnerability VCID-e52k-bb2k-tbgh
27
vulnerability VCID-eq8q-vrca-xbdb
28
vulnerability VCID-eweg-zt1g-uyak
29
vulnerability VCID-ex6v-wa1m-j7f6
30
vulnerability VCID-exk5-1mmz-7kep
31
vulnerability VCID-fb4d-p8pw-yka4
32
vulnerability VCID-fj1x-be1c-h3c4
33
vulnerability VCID-fvkk-381y-1kcb
34
vulnerability VCID-fxx8-f2pp-27du
35
vulnerability VCID-gcfy-vcgn-5uc7
36
vulnerability VCID-gqwn-qskg-qbc7
37
vulnerability VCID-jc4y-cpn8-6kgs
38
vulnerability VCID-k253-m5ud-8bgc
39
vulnerability VCID-m21y-dkas-wyc8
40
vulnerability VCID-mkuq-tdbg-t3ce
41
vulnerability VCID-nh3b-9waz-rfe5
42
vulnerability VCID-nr96-4dtm-kbf9
43
vulnerability VCID-p9vn-r312-1beg
44
vulnerability VCID-pfk9-w5ge-4uhh
45
vulnerability VCID-pxvb-vwj1-ukc3
46
vulnerability VCID-qkfp-k2g6-dba1
47
vulnerability VCID-rb6y-r3se-jya9
48
vulnerability VCID-s3wm-bype-73bh
49
vulnerability VCID-sxen-ree9-kbfr
50
vulnerability VCID-v9pe-asg8-37hv
51
vulnerability VCID-vgwe-53vc-m7gn
52
vulnerability VCID-wc31-v1d5-jydh
53
vulnerability VCID-wmaz-p29k-kuh8
54
vulnerability VCID-wzxa-tm3r-tkc1
55
vulnerability VCID-yyb2-961k-qyet
56
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0
3
url pkg:composer/moodle/moodle@4.0.0-beta
purl pkg:composer/moodle/moodle@4.0.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91z3-7wza-c7gs
1
vulnerability VCID-bvne-5ym9-byaz
2
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0-beta
4
url pkg:composer/moodle/moodle@4.0.0
purl pkg:composer/moodle/moodle@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-2ymd-b1p7-dygz
2
vulnerability VCID-3898-265t-1yd5
3
vulnerability VCID-3pgc-yptg-tuaa
4
vulnerability VCID-4bfr-preb-afas
5
vulnerability VCID-4k5r-agwn-ruea
6
vulnerability VCID-529p-ynkh-jfeg
7
vulnerability VCID-57pd-ath8-1yf9
8
vulnerability VCID-5gh4-58jt-dfet
9
vulnerability VCID-5hq2-2rn1-73g7
10
vulnerability VCID-5v9k-wk4u-uuf9
11
vulnerability VCID-86zg-df5e-33gn
12
vulnerability VCID-8vb6-115w-hyfc
13
vulnerability VCID-91z3-7wza-c7gs
14
vulnerability VCID-97gg-fuah-jqcq
15
vulnerability VCID-9rv1-hn65-dbhe
16
vulnerability VCID-a195-b6wc-xkbv
17
vulnerability VCID-a8pk-18gr-mubw
18
vulnerability VCID-affq-4sqk-p7ad
19
vulnerability VCID-aubk-tpgh-z7e2
20
vulnerability VCID-bvne-5ym9-byaz
21
vulnerability VCID-cpxg-pzcj-73gn
22
vulnerability VCID-cr63-89au-4be2
23
vulnerability VCID-eweg-zt1g-uyak
24
vulnerability VCID-fb4d-p8pw-yka4
25
vulnerability VCID-gqwn-qskg-qbc7
26
vulnerability VCID-jc4y-cpn8-6kgs
27
vulnerability VCID-m21y-dkas-wyc8
28
vulnerability VCID-nh3b-9waz-rfe5
29
vulnerability VCID-nr96-4dtm-kbf9
30
vulnerability VCID-p9vn-r312-1beg
31
vulnerability VCID-pfk9-w5ge-4uhh
32
vulnerability VCID-pxvb-vwj1-ukc3
33
vulnerability VCID-qkfp-k2g6-dba1
34
vulnerability VCID-qmcu-uyur-r7bg
35
vulnerability VCID-rb6y-r3se-jya9
36
vulnerability VCID-s3wm-bype-73bh
37
vulnerability VCID-sxen-ree9-kbfr
38
vulnerability VCID-v9pe-asg8-37hv
39
vulnerability VCID-wmaz-p29k-kuh8
40
vulnerability VCID-wzxa-tm3r-tkc1
41
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0
5
url pkg:composer/moodle/moodle@4.1.0-beta
purl pkg:composer/moodle/moodle@4.1.0-beta
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-91z3-7wza-c7gs
1
vulnerability VCID-bvne-5ym9-byaz
2
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0-beta
6
url pkg:composer/moodle/moodle@4.1.0
purl pkg:composer/moodle/moodle@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1vxe-caqu-kqab
1
vulnerability VCID-3898-265t-1yd5
2
vulnerability VCID-3pgc-yptg-tuaa
3
vulnerability VCID-4bfr-preb-afas
4
vulnerability VCID-4k5r-agwn-ruea
5
vulnerability VCID-57pd-ath8-1yf9
6
vulnerability VCID-5gh4-58jt-dfet
7
vulnerability VCID-5v9k-wk4u-uuf9
8
vulnerability VCID-91z3-7wza-c7gs
9
vulnerability VCID-97gg-fuah-jqcq
10
vulnerability VCID-9rv1-hn65-dbhe
11
vulnerability VCID-a195-b6wc-xkbv
12
vulnerability VCID-a8pk-18gr-mubw
13
vulnerability VCID-affq-4sqk-p7ad
14
vulnerability VCID-aubk-tpgh-z7e2
15
vulnerability VCID-bvne-5ym9-byaz
16
vulnerability VCID-cmz4-8t2n-27ef
17
vulnerability VCID-cpxg-pzcj-73gn
18
vulnerability VCID-fb4d-p8pw-yka4
19
vulnerability VCID-gqwn-qskg-qbc7
20
vulnerability VCID-jc4y-cpn8-6kgs
21
vulnerability VCID-nr96-4dtm-kbf9
22
vulnerability VCID-p9vn-r312-1beg
23
vulnerability VCID-qmcu-uyur-r7bg
24
vulnerability VCID-rb6y-r3se-jya9
25
vulnerability VCID-s3wm-bype-73bh
26
vulnerability VCID-u1r6-67qc-37cg
27
vulnerability VCID-v9pe-asg8-37hv
28
vulnerability VCID-zhhy-m421-nffk
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-23921
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52371
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-23921
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2162526
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2162526
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://moodle.org/mod/forum/discuss.php?d=443272#p1782021
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=443272#p1782021
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-23921
reference_id CVE-2023-23921
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-23921
6
reference_url https://github.com/advisories/GHSA-97qf-pq7x-964m
reference_id GHSA-97qf-pq7x-964m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-97qf-pq7x-964m
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-91z3-7wza-c7gs