Lucene search

China National Vulnerability DatabaseCNVD-2022-54916

HistoryJul 21, 2022 - 12:00 a.m.

Moodle Input Validation Error Vulnerability (CNVD-2022-54916)

2022-07-2100:00:00

China National Vulnerability Database

www.cnvd.org.cn

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

JSON

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an input validation error vulnerability that stems from insufficient cleanup of SCORM tracking details, which can be exploited by attackers to cause stored cross-site scripting (XSS) and cross-site request forgery (SSRF) attacks.

CPENameOperatorVersion
Moodle Moodle >=3.9.0，lt3.9.15
Moodle Moodle >=3.11.0，lt3.11.8
Moodle Moodleeq4.0.0
Moodle Moodleeq4.0.1

Name	Operator	Version
Moodle Moodle >=3.9.0，	lt	3.9.15
Moodle Moodle >=3.11.0，	lt	3.11.8
Moodle Moodle	eq	4.0.0
Moodle Moodle	eq	4.0.1

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

JSON

Related for CNVD-2022-54916