CVE-2022-45149 (https://bugzilla.redhat.com/show_bug.cgi?id=2142772): https://moodle.org/mod/forum/discuss.php?d=440769 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75862 A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website. This flaw allows an attacker to perform cross-site request forgery attacks. CVE-2022-45150 (https://bugzilla.redhat.com/show_bug.cgi?id=2142773): https://moodle.org/mod/forum/discuss.php?d=440770 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76091 A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. CVE-2022-45151 (https://bugzilla.redhat.com/show_bug.cgi?id=2142774): https://moodle.org/mod/forum/discuss.php?d=440771 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76131 The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. CVE-2022-45152 (https://bugzilla.redhat.com/show_bug.cgi?id=2142775): https://moodle.org/mod/forum/discuss.php?d=440772 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71920 A blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems. This vulnerability allows a remote attacker to perform SSRF attacks. Fixes in 3.9.18, 3.11.11, 4.0.5. Please bump.
CVE-2023-23921 (https://bugzilla.redhat.com/show_bug.cgi?id=2162526): https://moodle.org/mod/forum/discuss.php?d=443272#p1782021 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810 The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. CVE-2023-23922 (https://bugzilla.redhat.com/show_bug.cgi?id=2162547): https://moodle.org/mod/forum/discuss.php?d=443273#p1782022 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861 The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks. CVE-2023-23923 (https://bugzilla.redhat.com/show_bug.cgi?id=2162549): https://moodle.org/mod/forum/discuss.php?d=443274#p1782023 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76862 The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. A remote attacker can set that preference for another user. The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality. None of the commits seem to be a part of any release.
