CVE-2023-5546: 
PHP vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in Moodle's quiz grading report feature, identified as CVE-2023-5546. The vulnerability affects Moodle versions 4.2 to 4.2.2, 4.1 to 4.1.5, and 4.0 to 4.0.10, where ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk (Moodle Forum).

The vulnerability is classified as a CWE-79 (Improper Neutralization of Input During Web Page Generation) issue. It received a CVSS v3.1 base score of 5.4 (Medium) from NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, while Fedora Project assessed it with a score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (NVD).

The vulnerability could allow attackers to execute stored XSS attacks through user ID numbers in the quiz grading report, potentially leading to unauthorized access to sensitive information and compromised user interactions (Moodle Forum).

The vulnerability has been fixed in Moodle versions 4.2.3, 4.1.6, and 4.0.11. Users are advised to upgrade to these patched versions to mitigate the risk (Moodle Forum).