Lucene search

K

Veracode Vulnerability DatabaseVERACODE:39387

HistoryFeb 23, 2023 - 5:16 a.m.

Cross-Site Scripting (XSS)

2023-02-2305:16:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

17

cross-site scripting

moodle

vulnerability

user-supplied data

remote attacker

html

javascript

browser

EPSS

0.001

Percentile

50.2%

moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to insufficient sanitization of user-supplied data in specific returnurl parameters; a remote attacker can trick a victim to follow a specially crafted link resulting in the execution of arbitrary HTML and JavaScript code in the user’s browser.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810

bugzilla.redhat.com/show_bug.cgi?id=2162526

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76810

github.com/advisories/GHSA-97qf-pq7x-964m

github.com/moodle/moodle/commit/261fe42c055eddfc59a82743d738f08622cd3a02

github.com/moodle/moodle/commit/2ea89b98a75b79144ebe482c6b74b5e32658ff64

github.com/moodle/moodle/commit/312318201b426f7b1f63bbfc03e3c950d496e854

github.com/moodle/moodle/commit/799f7fb18f1ddccbe08faa98882c1552c5cce264

moodle.org/mod/forum/discuss.php?d=443272#p1782021

EPSS

0.001

Percentile

50.2%

Related for VERACODE:39387

osv3 prion1 cvelist1 cve1 github1 nvd1 ubuntucve1 openvas1 nessus4 redos1