A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:49
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Jul 2022, 14:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Fedoraproject
Moodle moodle Fedoraproject fedora Redhat Moodle Redhat enterprise Linux |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2106275 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://moodle.org/mod/forum/discuss.php?d=436458 - Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/ - Mailing List, Third Party Advisory | |
References | (MISC) http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921 - Patch, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:moodle:moodle:4.0.0:beta:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:* cpe:2.3:a:moodle:moodle:4.0.0:rc4:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:4.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:4.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:4.0.1:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:4.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
27 Jul 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-25 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-35651
Mitre link : CVE-2022-35651
CVE.ORG link : CVE-2022-35651
JSON object : View
Products Affected
redhat
- enterprise_linux
moodle
- moodle
fedoraproject
- fedora
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')