CVE-2023-35131

Name of the Vulnerable Software and Affected Versions Moodle versions 3.11 to 3.11.14 Moodle versions 4.0 to 4.0.8 Moodle versions 4.1 to 4.1.3 Moodle version 4.2

Description The issue is related to insufficient sanitizing of user-provided data on the groups page, which poses an XSS risk. This could allow a remote attacker to steal potentially confidential information, modify the appearance of web pages, or conduct phishing and disk loading attacks.

Recommendations For Moodle versions 3.11 to 3.11.14, update to a version that includes the necessary sanitizing fixes. For Moodle versions 4.0 to 4.0.8, update to a version that includes the necessary sanitizing fixes. For Moodle versions 4.1 to 4.1.3, update to a version that includes the necessary sanitizing fixes. For Moodle version 4.2, update to a version that includes the necessary sanitizing fixes. As a temporary workaround, consider restricting access to the groups page until a patch is available.