Cross-site Scripting (XSS)

2022-03-1506:59:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

22.8%

JSON

moodle/moodle is vulnerable to stored cross-site scripting. The vulnerability exists in get_question_heading function in report.php due to lack of sanitization which allows an attacker to inject and execute arbitrary javascript.

CPENameOperatorVersion
moodle/moodlelev3.11.6
moodle/moodlelev3.11.6

CPE	Name	Operator	Version
	moodle/moodle	le	v3.11.6
	moodle/moodle	le	v3.11.6

References

git.moodle.org/gw?p=moodle.git;a=commitdiff;h=f40dfdf51ed30b78d4f884bceaf2d5730ef41d44;hp=eaa157d6ff89edf18644dadb77180cbff75dc95a

github.com/advisories/GHSA-5wjh-v7c8-wrhx

github.com/moodle/moodle/commit/f40dfdf51ed30b78d4f884bceaf2d5730ef41d44

moodle.org/mod/forum/discuss.php?d=422309

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for VERACODE:34689