CVE-2022-35651
Published 2022-07-25
Severity: medium, CVSS 3.1 base score 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
A stored XSS and blind SSRF vulnerability was found in Moodle. It occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, in order to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | >= 3.11 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.11.0 < 3.11.8 | 3.11.8 |
| moodle | moodle | >= 3.9 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 3.9.0 < 3.9.15 | 3.9.15 |
| moodle | moodle | >= 4.0 < 4.0.2 | 4.0.2 |
| redhat | enterprise_linux | — | — |
CVSS provenance
NVD: CVSS v3.1, 6.1 MEDIUM, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
OSV: 6.1 MEDIUM
GHSA
Moodle Stored XSS and blind SSRF possible via SCORM track details
Source: GHSA, 2022-07-26. CVE-2022-35651, severity MEDIUM, CWE-79.
A stored Cross-site Scripting (XSS) and blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. It occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, in order to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
OSV
Moodle Stored XSS and blind SSRF possible via SCORM track details
Source: OSV, 2022-07-26. CVE-2022-35651, severity MEDIUM.
OSV
Source: OSV, 2022-07-25. CVE-2022-35651, severity MEDIUM, CVSS 6.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921
https://bugzilla.redhat.com/show_bug.cgi?id=2106275
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
https://moodle.org/mod/forum/discuss.php?d=436458