6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-35131

GHSA ID

GHSA-fwfj-8p36-rc64

EPSS Score

0.67165%

CWE

CWE-79

Published

6/22/2023

Updated

4/19/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-35131

CVE-2023-35131: Moodle vulnerable to Cross-site Scripting

Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-35131

CVE-2023-35131:

6.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-35131

GHSA ID

GHSA-fwfj-8p36-rc64

EPSS Score

0.67165%

CWE

CWE-79

Published

6/22/2023

Updated

4/19/2024

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
moodle/moodle	composer	= 4.2.0	4.2.1
moodle/moodle	composer	>= 4.1.0, < 4.1.4	4.1.4
moodle/moodle	composer	>= 4.0.0, < 4.0.9	4.0.9
moodle/moodle	composer	< 3.11.15	3.11.15

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient sanitization on the groups page, specifically in rendering user-controlled content. Moodle's group management typically uses renderer classes (e.g., in group/classes/output/) to generate HTML. The advisory explicitly mentions the groups page, and XSS vulnerabilities in Moodle often occur in renderer methods that output unescaped data. The lack of commit details prevents absolute certainty, but the structured naming convention (renderer.php + groups_table) aligns with Moodle's architecture and the described flaw. The confidence is high because the pattern matches Moodle's XSS mitigation practices (e.g., missing format_string() or s() calls).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-35131: Moodle vulnerable to Cross-site Scripting

CVE-2023-35131:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

CVE-2023-35131: Moodle vulnerable to Cross-site Scripting

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

6.1

6.1

6.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-35131: Moodle vulnerable to Cross-site Scripting

CVE-2023-35131:

6.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability IntelligenceMiggo AI

CVE-2023-35131: Moodle vulnerable to Cross-site Scripting

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

6.1

6.1

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI