CVE-2023-46858 Information

Description

DISPUTED Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states \Some forms of rich content [are] used by teachers to enhance their courses … admins and teachers can post XSS-capable content but students can not.\

Reference

https://gist.github.com/Abid-Ahmad/12d2b4878eb731e8871b96b7d55125cd https://docs.moodle.org/403/en/Security_FAQ#I_have_discovered_Cross_Site_Scripting_.28XSS.29_is_possible_with_Moodle