CVE-2022-45151 — Cross-site Scripting in Moodle

CWE-79 — Cross-site Scripting4 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 49.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moodle Fedoraproject Fedora

Timeline

PublishedNov 23

Description

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDmoodle/moodle3.11.0 — 3.11.11+1

▶Packagistmoodle/moodle3.11 — 3.11.11+1

▶CVEListV5moodle/moodleFixed in moodle 4.0.5, moodle 3.11.11

Also affects: Fedora 35, 36, 37

🔴Vulnerability Details

OSV

Moodle stored-XSS vulnerability in some "social" user profile fields↗2022-11-23

▶

OSV

CVE-2022-45151: The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user pro↗2022-11-23

▶

GHSA

Moodle stored-XSS vulnerability in some "social" user profile fields↗2022-11-23

▶