CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.003 Low
Percentile: 69.7%

A vulnerability in the Moodle course management system is related to insufficient validation of user-entered data in the LTI vendor library. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.

A vulnerability in the Moodle course management system is related to insufficient sanitization of user data in several “social” fields in a user’s profile. Exploitation of the vulnerability could allow an attacker, acting remotely, to force the victim to click on a specially crafted link and execute arbitrary HTML code and script in the user’s browser in the context of a vulnerable website.

A vulnerability in the Moodle course management system is related to insufficient sanitization of user data. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a victim to click on a specially crafted link and execute arbitrary HTML code and script in the user’s browser in the context of a vulnerable website.

The vulnerability in the Moodle course management system is related to insufficient validation of the source of the HTTP request in the Course Redirect URL. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.