Cross-site Scripting in moodle

🗓️ 19 May 2022 00:00:15Reported by GitHub Advisory DatabaseType

Cross-site Scripting in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS ris

Reporter	Title	Published	Views	Family All 36
ATTACKERKB	CVE-2022-30596	18 May 202217:15	–	attackerkb
BDU FSTEC	The vulnerability of the virtual learning environment Moodle, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.	30 May 202200:00	–	bdu_fstec
CNNVD	Moodle 跨站脚本漏洞	17 May 202200:00	–	cnnvd
CVE	CVE-2022-30596	18 May 202216:59	–	cve
Cvelist	CVE-2022-30596	18 May 202216:59	–	cvelist
EUVD	EUVD-2022-5645	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 35 Update: moodle-3.11.7-1.fc35	27 May 202201:12	–	fedora
Fedora	[SECURITY] Fedora 36 Update: moodle-3.11.7-1.fc36	27 May 202201:10	–	fedora
Fedora	[SECURITY] Fedora 34 Update: moodle-3.11.7-1.fc34	27 May 202201:03	–	fedora
NVD	CVE-2022-30596	18 May 202217:15	–	nvd

Vulners

Node

moodle moodleRange3.9–3.9.14composer

moodle moodleRange3.10–3.10.11composer

moodle moodleRange3.11–3.11.7composer

moodle moodleRange4.0–4.0.1composer

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-30596
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
moodle	www.moodle.org/mod/forum/discuss.php
git	www.git.moodle.org/gw
github	www.github.com/moodle/moodle/commit/6abe964bbac41b5e40a81b40962f7044b0dc201e
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5/
github	www.github.com/advisories/GHSA-wvh5-78h5-gmgr

12 Sep 2023 14:20Current

6.8Medium risk

Vulners AI Score6.8

CVSS 23.5

CVSS 3.15.4

EPSS0.00875

CWE-79