{
  "id": "CVE-2023-46858",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-10-29T01:15:41.087",
  "lastModified": "2023-10-29T01:44:12.570",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "** DISPUTED ** Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states \"Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not.\""
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://docs.moodle.org/403/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://gist.github.com/Abid-Ahmad/12d2b4878eb731e8871b96b7d55125cd",
      "source": "cve@mitre.org"
    }
  ]
}