The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities:
An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection to a course which has been just restored. (CVE-2022-45149)
A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the return URL in the policy tool. (CVE-2022-45150)
A stored Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of the ‘social’ user profile field type. (CVE-2022-45151)
A blind Server-Side Request Forgery (SSRF) vulnerability due to the LTI provider library not using Moodle inbuilt cURL helper. (CVE-2022-45152)
Note that the scanner has not attempted to exploit this issue but has instead relied only on application’s self-reported version number.
No source data
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45149
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45151
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45152
moodle.org/mod/forum/discuss.php?d=440769#p1773537
moodle.org/mod/forum/discuss.php?d=440770#p1773538
moodle.org/mod/forum/discuss.php?d=440772#p1773540
moodle.org/mod/forum/discuss.php?d=443272#p1782021