Lucene search

Veracode Vulnerability DatabaseVERACODE:41118

HistoryJul 04, 2023 - 1:41 p.m.

Cross-site Scripting (XSS)

2023-07-0413:41:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

moodle

cross-site scripting

vulnerability

javascript

groups page

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.9%

JSON

moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to lack of sanitization in the groups page which allows an attacker to inject and execute arbitrary javascript.

References

bugzilla.redhat.com/show_bug.cgi?id=2214369

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76683

github.com/moodle/moodle/commit/75264720ac91d2e73abdaec6e9cd304c6fc1a179

github.com/moodle/moodle/commit/79981290d91177d4a02395136961fc259be0d102

github.com/moodle/moodle/commit/90c23c75436644337551490656c30b15ea0155ca

github.com/moodle/moodle/commit/bbf492040eaf95e1ec81efc23fb9dec2dc4cd823

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/

lists.fedoraproject.org/archives/list/[email protected]/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/

lists.fedoraproject.org/archives/list/[email protected]/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/

moodle.org/mod/forum/discuss.php?d=447829

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

37.9%

JSON

Related for VERACODE:41118