vulnerability

Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-5541)

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:M/Au:N/C:N/I:P/A:N)	Nov 9, 2023	Nov 17, 2023	Aug 1, 2025

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:P/A:N)

Published

Nov 9, 2023

Added

Nov 17, 2023

Modified

Aug 1, 2025

Description

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.

moodle-upgrade-3_11_17moodle-upgrade-3_9_24moodle-upgrade-4_0_11moodle-upgrade-4_1_6moodle-upgrade-4_2_3

NEW

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.