Search for vulnerabilities
Vulnerability details: VCID-vk7c-xpsp-nbcc
Vulnerability ID VCID-vk7c-xpsp-nbcc
Aliases CVE-2023-28335
GHSA-wxmq-v9gx-75pg
Summary Moodle vulnerable to Cross-site Request Forgery The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00303 https://api.first.org/data/v1/epss?cve=CVE-2023-28335
epss 0.00303 https://api.first.org/data/v1/epss?cve=CVE-2023-28335
cvssv3.1 8.8 https://bugzilla.redhat.com/show_bug.cgi?id=2179424
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=2179424
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2179424
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-wxmq-v9gx-75pg
cvssv3.1 8.8 https://github.com/moodle/moodle
generic_textual HIGH https://github.com/moodle/moodle
cvssv3.1 8.8 https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35
generic_textual HIGH https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35
cvssv3.1 8.8 https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35
generic_textual HIGH https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35
cvssv3.1 8.8 https://moodle.org/mod/forum/discuss.php?d=445067
generic_textual HIGH https://moodle.org/mod/forum/discuss.php?d=445067
ssvc Track https://moodle.org/mod/forum/discuss.php?d=445067
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2023-28335
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-28335
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-28335
https://bugzilla.redhat.com/show_bug.cgi?id=2179424
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35
https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35
https://moodle.org/mod/forum/discuss.php?d=445067
https://nvd.nist.gov/vuln/detail/CVE-2023-28335
GHSA-wxmq-v9gx-75pg https://github.com/advisories/GHSA-wxmq-v9gx-75pg
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2179424
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T15:02:59Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2179424
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/moodle/moodle/commit/355556c05f4a6d9e223164eff820cd34eb70cc35
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://git.moodle.org/gw?p=moodle.git;a=commitdiff;h=355556c05f4a6d9e223164eff820cd34eb70cc35
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://moodle.org/mod/forum/discuss.php?d=445067
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T15:02:59Z/ Found at https://moodle.org/mod/forum/discuss.php?d=445067
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-28335
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.5307
EPSS Score 0.00303
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:15:14.713599+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-wxmq-v9gx-75pg/GHSA-wxmq-v9gx-75pg.json 36.1.3