Vulnerabilities > Fedoraproject
|2023-11-09||CVE-2023-5540|| Code Injection vulnerability in multiple products |
A remote code execution risk was identified in the IMSCP activity.
| 8.8 |
|2023-11-09||CVE-2023-5542|| Exposure of Resource to Wrong Sphere vulnerability in multiple products |
Students in "Only see own membership" groups could see other students in the group, which should be hidden.
| 4.3 |
|2023-11-09||CVE-2023-5544|| Authorization Bypass Through User-Controlled Key vulnerability in multiple products |
Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.
| 5.4 |
|2023-11-09||CVE-2023-5545|| Exposure of Resource to Wrong Sphere vulnerability in multiple products |
H5P metadata automatically populated the author with the user's username, which could be sensitive information.
| 5.3 |
|2023-11-09||CVE-2023-5546|| Cross-site Scripting vulnerability in multiple products |
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.
| 5.4 |
|2023-11-09||CVE-2023-5547|| Cross-site Scripting vulnerability in multiple products |
The course upload preview contained an XSS risk for users uploading unsafe data.
| 6.1 |
|2023-11-09||CVE-2023-5548|| Insufficient Verification of Data Authenticity vulnerability in multiple products |
Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.
| 5.3 |
|2023-11-09||CVE-2023-5549|| Improper Privilege Management vulnerability in multiple products |
Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.
| 5.3 |
|2023-11-09||CVE-2023-5550||In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution.|| 9.8 |
|2023-11-09||CVE-2023-5551||Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.|| 3.3 |