History: Dec 22, 2022 - 12:00 a.m.

ROS-20221222-03

2022-12-22 00:00:00
redos.red-soft.ru
18
moodle
vulnerability
remote attackers
insufficient validation
insufficient cleansing
user data
arbitrary html code
scripts
vulnerable website
http request
remote exploitation

CVSS3: 9.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS: 0.003 Low
Percentile: 69.7%

A vulnerability in the Moodle course management system is related to insufficient validation of user-entered data in the LTI vendor library. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

A vulnerability in the Moodle course management system is related to insufficient sanitization of user data in several “social” fields in a user’s profile. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to click on a specially crafted link and execute arbitrary HTML code and script in the user’s browser in the context of a vulnerable website.

A vulnerability in the Moodle course management system is related to insufficient sanitization of user data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to click on a specially crafted link and execute arbitrary HTML code and script in the user’s browser in the context of a vulnerable website.

A vulnerability in the Moodle course management system is related to insufficient validation of the source of the HTTP request in the Course Redirect URL. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

OS      Version   Architecture   Package   Version        Filename
redos   7.3       x86_64         moodle    <= 3.11.4-5    UNKNOWN
