CVE-2023-5546

MEDIUM

Moodle 4.0.0-4.0.10 and <4.3.0-rc2 - Stored Cross-Site Scripting in Quiz Grading Report ID Numbers

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-5546. PoCs published by obelia01.

AI-analyzed exploit summary The repository contains only a README.md file with a CVE identifier and no exploit code or technical details. It appears to be a placeholder or incomplete submission.

Description

ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.

Exploits (1)

nomisec STUB

by obelia01 · poc

https://github.com/obelia01/CVE-2023-5546

View Code ZIP pw:eip

The repository contains only a README.md file with a CVE identifier and no exploit code or technical details. It appears to be a placeholder or incomplete submission.

Classification

Stub 10%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971

Patch

https://moodle.org/mod/forum/discuss.php?d=451587

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2243445

Scores

CVSS v3 4.3

EPSS 0.0238

EPSS Percentile 85.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (6)

fedoraproject/fedora 37

fedoraproject/fedora 38

fedoraproject/fedora 39

moodle/moodle 0 - 4.3.0-rc2Packagist

moodle/moodle 4.0.0 - 4.0.11

redhat/enterprise_linux 7.0

Published Nov 09, 2023

Tracked Since Feb 18, 2026