Lucene search

K

Veracode Vulnerability DatabaseVERACODE:35602

HistoryMay 19, 2022 - 8:02 a.m.

Cross-Site Scripting (XSS)

2022-05-1908:02:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

76

cross-site scripting

moodle

stored

vulnerable

arbitrary javascript

EPSS

0.001

Percentile

39.4%

moodle/moodle is vulnerable to stored cross-site scripting. The vulnerability exists in render_assign_user_summary function in renderer.php because the identity fields in allocate marker form are not properly escaped which allows an attacker to inject and execute arbitrary javascript.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204

bugzilla.redhat.com/show_bug.cgi?id=2083583

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204

github.com/advisories/GHSA-wvh5-78h5-gmgr

github.com/moodle/moodle/commit/6abe964bbac41b5e40a81b40962f7044b0dc201e

lists.fedoraproject.org/archives/list/[email protected]/message/OGF35EN5K2R6X3NTY3XPZSJ3UDASMXI6/

lists.fedoraproject.org/archives/list/[email protected]/message/PIMSIRKCFLIC646K4GMUSZU7THOUVPAJ/

lists.fedoraproject.org/archives/list/[email protected]/message/QCTWSE3JDMSYL7DPCMXMMJEXZSS6VIA5/

moodle.org/mod/forum/discuss.php?d=434578

EPSS

0.001

Percentile

39.4%

Related for VERACODE:35602

cve1 github1 osv3 nvd1 prion1 redhatcve1 ubuntucve1 cvelist1 openvas3 nessus4 fedora3 redos1