MSA-23-0001: Reflected XSS risk in some returnurl parameters

MSA-23-0001: Reflected XSS risk in some returnurl parameters

by Michael Hawkins -
Number of replies: 0

Some returnurl parameters required additional sanitizing to prevent a reflected XSS risk.


Severity/Risk: Serious
Versions affected: 4.1, 4.0 to 4.0.5, 3.11 to 3.11.11, 3.9 to 3.9.18 and earlier unsupported versions
Versions fixed: 4.1.1, 4.0.6, 3.11.12 and 3.9.19
Reported by: DegrangeM
CVE identifier: CVE-2023-23921
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810
Tracker issue: MDL-76810 Reflected XSS risk in some returnurl parameters