Moodle Input Validation Error Vulnerability (CNVD-2022-54916)

2022-07-2100:00:00

China National Vulnerability Database

www.cnvd.org.cn

0.003 Low

EPSS

Percentile

70.1%

JSON

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an input validation error vulnerability that stems from insufficient cleanup of SCORM tracking details, which can be exploited by attackers to cause stored cross-site scripting (XSS) and cross-site request forgery (SSRF) attacks.

CPENameOperatorVersion
Moodle Moodle >=3.9.0，lt3.9.15
Moodle Moodle >=3.11.0，lt3.11.8
Moodle Moodleeq4.0.0
Moodle Moodleeq4.0.1

Name	Operator	Version
Moodle Moodle >=3.9.0，	lt	3.9.15
Moodle Moodle >=3.11.0，	lt	3.11.8
Moodle Moodle	eq	4.0.0
Moodle Moodle	eq	4.0.1

0.003 Low

EPSS

Percentile

70.1%

JSON

Related for CNVD-2022-54916