Search for vulnerabilities
Vulnerability details: VCID-6dfh-mncw-e7b4
Vulnerability ID VCID-6dfh-mncw-e7b4
Aliases CVE-2023-28332
GHSA-9f45-9qrw-pp4v
Summary Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00487 https://api.first.org/data/v1/epss?cve=CVE-2023-28332
epss 0.00487 https://api.first.org/data/v1/epss?cve=CVE-2023-28332
cvssv3.1 6.1 https://bugzilla.redhat.com/show_bug.cgi?id=2179419
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2179419
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2179419
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9f45-9qrw-pp4v
cvssv3.1 6.1 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624
generic_textual MODERATE https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624
cvssv3.1 6.1 https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624
generic_textual MODERATE https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
ssvc Track https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
cvssv3.1 6.1 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
cvssv3.1 6.1 https://moodle.org/mod/forum/discuss.php?d=445064
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=445064
ssvc Track https://moodle.org/mod/forum/discuss.php?d=445064
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2023-28332
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-28332
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-28332
https://bugzilla.redhat.com/show_bug.cgi?id=2179419
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624
https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
https://moodle.org/mod/forum/discuss.php?d=445064
https://nvd.nist.gov/vuln/detail/CVE-2023-28332
3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
GHSA-9f45-9qrw-pp4v https://github.com/advisories/GHSA-9f45-9qrw-pp4v
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=2179419
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T13:35:45Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2179419
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/9f178c1f816e78ec024ab16a10192c81305b2624
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T13:35:45Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=445064
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T13:35:45Z/ Found at https://moodle.org/mod/forum/discuss.php?d=445064
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28332
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.64409
EPSS Score 0.00487
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:15:12.441598+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-9f45-9qrw-pp4v/GHSA-9f45-9qrw-pp4v.json 36.1.3