Lucene search

Veracode Vulnerability DatabaseVERACODE:38224

HistoryNov 24, 2022 - 6:47 a.m.

Cross-site Scripting (XSS)

2022-11-2406:47:13

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

moodle

validation

user-supplied input

field class.php

helper.php

remote attacker

malicious javascript

system

0.001 Low

EPSS

Percentile

44.4%

JSON

moodle/moodle is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in the user-supplied input for field.class.php and helper.php which allows a remote attacker to inject and execute malicious JavaScript into the system.

CPENameOperatorVersion
moodle/moodlelev3.11.9
moodle/moodlelev4.0.4
moodle/moodlelev3.11.9
moodle/moodlelev4.0.4

Name	Operator	Version
moodle/moodle	le	v3.11.9
moodle/moodle	le	v4.0.4
moodle/moodle	le	v3.11.9
moodle/moodle	le	v4.0.4

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76131

bugzilla.redhat.com/show_bug.cgi?id=2142774

github.com/advisories/GHSA-xv72-6pgh-cjj8

github.com/moodle/moodle/commit/3259a19a6a193ddb801e9996f24b6ab6c389d0da

github.com/moodle/moodle/commit/fd9ab3efbd47424b5da39a0dfc7c6ec11c5b51ac

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/

lists.fedoraproject.org/archives/list/[email protected]/message/2DHYIIAUXUBHMBEDYU7TYNZXEN2W2SA2/

lists.fedoraproject.org/archives/list/[email protected]/message/74SXNGA5RIWM7QNX7H3G7SYIQLP4UUGV/

lists.fedoraproject.org/archives/list/[email protected]/message/NLRJB5JNKK3VVBLV3NH3RI7COEDAXSAB/

moodle.org/mod/forum/discuss.php?d=440771

0.001 Low

EPSS

Percentile

44.4%

JSON

Related for VERACODE:38224