CVE-2023-23922

Name of the Vulnerable Software and Affected Versions Moodle (affected versions not specified)

Description The issue exists due to insufficient sanitization of user-supplied data in the blog search function. A remote attacker can trick the victim into following a specially crafted link, allowing the execution of arbitrary HTML and script code in the user's browser within the context of the vulnerable website. This flaw enables a remote attacker to perform cross-site scripting (XSS) attacks, potentially leading to the theft of confidential information, modification of the webpage's appearance, and execution of phishing attacks or drive-by downloads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.