PT-2022-4074 · Moodle+2
Luuk Verhoeven · Published 2020-11-08 · Updated 2024-05-04
CVE-2022-35653
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Moodle (affected versions not specified)
Description
A reflected XSS issue was identified in the LTI module of Moodle, caused by insufficient sanitization of user-supplied data. A remote attacker can trick a victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the context of the vulnerable website, which can be used to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks. This issue does not impact authenticated users.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Moodle
Red Os