Lucene search

K

[email protected]NVD:CVE-2022-45151

HistoryNov 23, 2022 - 3:15 p.m.

CVE-2022-45151

2022-11-2315:15:10

CWE-79

[email protected]

web.nvd.nist.gov

2

moodle

user profile

stored-xss

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.4%

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several “social” user profile fields. An attacker could inject and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.

Affected configurations

NVD

Node

moodlemoodleRange3.11.0–3.11.11

OR

moodlemoodleRange4.0.0–4.0.5

Node

fedoraprojectfedoraMatch35

OR

fedoraprojectfedoraMatch36

OR

fedoraprojectfedoraMatch37

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76131

bugzilla.redhat.com/show_bug.cgi?id=2142774

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/

moodle.org/mod/forum/discuss.php?d=440771

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

44.4%

Related for NVD:CVE-2022-45151

cvelist1 prion1 veracode1 ubuntucve1 osv3 github1 cve1 openvas4 cnvd1 nessus5 redos1