CVSS3: 6.1 Medium

Metric | Value
---|---
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | REQUIRED
Scope | CHANGED
Confidentiality Impact | LOW
Integrity Impact | LOW
Availability Impact | NONE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.1 Medium (Confidence: High)

CVSS2: 5.8 Medium

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | MEDIUM
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | PARTIAL
Availability Impact | NONE

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.003 Low (Percentile: 69.9%)

A stored Cross-site Scripting (XSS) and blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle. It occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

CPE Name | Operator | Version
---|---|---
moodle/moodle | lt | 4.0.2
moodle/moodle | lt | 3.11.8
moodle/moodle | lt | 3.9.15

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921
bugzilla.redhat.com/show_bug.cgi?id=2106275
github.com/advisories/GHSA-wwv7-h477-wrv7
lists.fedoraproject.org/archives/list/[email protected]/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3
lists.fedoraproject.org/archives/list/[email protected]/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V
moodle.org/mod/forum/discuss.php?d=436458
nvd.nist.gov/vuln/detail/CVE-2022-35651