Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-6gx2-g773-hv9h

Опубликовано: 23 нояб. 2022
Источник: github
Github: Прошло ревью
CVSS3: 6.1

Описание

Moodle reflected cross-site scripting vulnerability in policy tool

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

Ссылки

Пакеты

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 3.9, < 3.9.18

3.9.18

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 3.11, < 3.11.11

3.11.11

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 4.0, < 4.0.5

4.0.5

EPSS

Процентиль: 46%
0.00229
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2022-45150

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2022-45150

CVSS3: 6.1
ubuntu
больше 2 лет назад

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

nvd логотип

CVE-2022-45150

CVSS3: 6.1
nvd
больше 2 лет назад

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

debian логотип

CVE-2022-45150

CVSS3: 6.1
debian
больше 2 лет назад

A reflected cross-site scripting vulnerability was discovered in Moodl ...

fstec логотип

BDU:2022-07406

CVSS3: 5.4
fstec
больше 2 лет назад

Уязвимость системы управления курсами Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнять атаки с использованием межсайтовых сценариев (XSS)

redos логотип

ROS-20221222-03

CVSS3: 9.1
redos
больше 2 лет назад

Множественные уязвимости moodle

EPSS

Процентиль: 46%
0.00229
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2022-45150

Дефекты

CWE-79