PT-2022-4072 · Moodle+2

Rekter0 · Published 2020-11-08 · Updated 2024-03-06 · CVE-2022-35651

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Moodle (affected versions not specified)

Description: A stored XSS and blind SSRF issue exists due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3235
ALT-PU-2022-2502
ALT-PU-2022-2553
BDU:2022-04906
BIT-MOODLE-2022-35651
CVE-2022-35651
GHSA-WWV7-H477-WRV7

Affected Products

Alt Linux
Moodle
Red Os