6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an input validation error vulnerability that stems from insufficient cleanup of SCORM tracking details, which can be exploited by attackers to cause stored cross-site scripting (XSS) and cross-site request forgery (SSRF) attacks.
CPE | Name | Operator | Version |
---|---|---|---|
Moodle Moodle >=3.9.0, | lt | 3.9.15 | |
Moodle Moodle >=3.11.0, | lt | 3.11.8 | |
Moodle Moodle | eq | 4.0.0 | |
Moodle Moodle | eq | 4.0.1 |