CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile: 37.9%
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to a lack of sanitization in the groups page, which allows an attacker to inject and execute arbitrary JavaScript.
bugzilla.redhat.com/show_bug.cgi?id=2214369
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76683
github.com/moodle/moodle/commit/75264720ac91d2e73abdaec6e9cd304c6fc1a179
github.com/moodle/moodle/commit/79981290d91177d4a02395136961fc259be0d102
github.com/moodle/moodle/commit/90c23c75436644337551490656c30b15ea0155ca
github.com/moodle/moodle/commit/bbf492040eaf95e1ec81efc23fb9dec2dc4cd823
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
moodle.org/mod/forum/discuss.php?d=447829