PRIOn knowledge basePRION:CVE-2022-45150

HistoryNov 23, 2022 - 3:15 p.m.

Cross site scripting

2022-11-2315:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

reflected

vulnerability

sanitization

user-supplied data

policy tool

specially crafted link

arbitrary code

browser

context

nvd

7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user’s browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CPENameOperatorVersion
fedoraeq35
fedoraeq36
fedoraeq37
moodlege3.11.0
moodlelt3.11.11
moodlege4.0.0
moodlelt4.0.5
moodlege3.9.0
moodlelt3.9.18

Name	Operator	Version
fedora	eq	35
fedora	eq	36
fedora	eq	37
moodle	ge	3.11.0
moodle	lt	3.11.11
moodle	ge	4.0.0
moodle	lt	4.0.5
moodle	ge	3.9.0
moodle	lt	3.9.18

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76091

bugzilla.redhat.com/show_bug.cgi?id=2142773

lists.fedoraproject.org/archives/list/[email protected]/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/

lists.fedoraproject.org/archives/list/[email protected]/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/

lists.fedoraproject.org/archives/list/[email protected]/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/

moodle.org/mod/forum/discuss.php?d=440770