CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.011 Low
Percentile: 84.6%
A reflected XSS issue was identified in the LTI module of Moodle. The
vulnerability exists due to insufficient sanitization of user-supplied data
in the LTI module. A remote attacker can trick the victim into following a
specially crafted link and execute arbitrary HTML and script code in the
user's browser in the context of the vulnerable website, in order to steal
potentially sensitive information, change the appearance of the web page, or
perform phishing and drive-by-download attacks. This vulnerability does not
impact authenticated users.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
bugzilla.redhat.com/show_bug.cgi?id=2106277
launchpad.net/bugs/cve/CVE-2022-35653
lists.fedoraproject.org/archives/list/[email protected]/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
lists.fedoraproject.org/archives/list/[email protected]/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
moodle.org/mod/forum/discuss.php?d=436460
nvd.nist.gov/vuln/detail/CVE-2022-35653
security-tracker.debian.org/tracker/CVE-2022-35653
www.cve.org/CVERecord?id=CVE-2022-35653