Veracode Vulnerability DatabaseVERACODE:44242Cross-site Scripting (XSS)
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
21.1%
moodle/moodle is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the absence of sanitization in the content of pagelib.php and the lack of access restrictions in editcomments.php. This allows an attacker to inject and execute malicious JavaScript, posing a potential security risk such as an Insecure Direct Object Reference (IDOR) vulnerability.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79509
bugzilla.redhat.com/show_bug.cgi?id=2243443
github.com/advisories/GHSA-j5xf-gv89-g422
github.com/moodle/moodle/commit/4777e96a28ee12d8ae545feec424d129726b0eeb
github.com/moodle/moodle/commit/5fec728be9df3c9fc282cd0897c73ca5cfcfea5f
github.com/moodle/moodle/commit/924fa47b5bb11aa79a4fae6f899eb05c423b0013
github.com/moodle/moodle/commit/b0f1c1afe49460c5e53b09f434090fc4c2a48cd1
github.com/moodle/moodle/commit/c5ff2f6ab2be8acd77d5e6c395a5f6c54139ff59
github.com/moodle/moodle/commit/fce36ecf4fa338231cda911ce899c709f642e42c
moodle.org/mod/forum/discuss.php?d=451585
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
21.1%