6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%
A stored Cross-site Scripting (XSS) and blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921
bugzilla.redhat.com/show_bug.cgi?id=2106275
github.com/moodle/moodle
lists.fedoraproject.org/archives/list/[email protected]/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3
lists.fedoraproject.org/archives/list/[email protected]/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V
moodle.org/mod/forum/discuss.php?d=436458
nvd.nist.gov/vuln/detail/CVE-2022-35651
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.2 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
70.1%