Moodle reflected cross-site scripting vulnerability in policy tool

2022-11-2315:30:21

Google

osv.dev

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

JSON

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user’s browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CPENameOperatorVersion
moodle/moodleeq3.11.8
moodle/moodleeq3.9.6
moodle/moodleeq3.11.7
moodle/moodleeq3.9.3
moodle/moodleeq3.9.11
moodle/moodleeq4.0.3
moodle/moodleeq3.9.1
moodle/moodleeq3.11.1
moodle/moodleeq4.0.1
moodle/moodleeq3.9.9

Name	Operator	Version
moodle/moodle	eq	3.11.8
moodle/moodle	eq	3.9.6
moodle/moodle	eq	3.11.7
moodle/moodle	eq	3.9.3
moodle/moodle	eq	3.9.11
moodle/moodle	eq	4.0.3
moodle/moodle	eq	3.9.1
moodle/moodle	eq	3.11.1
moodle/moodle	eq	4.0.1
moodle/moodle	eq	3.9.9