PT-2026-39472 · Moodle · Moodle Lms

Saud Alenazi · Published 2026-05-10 · Updated 2026-05-10 · CVE-2022-50943

CVSS v3.1: 6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Moodle LMS version 4.0

Description

An issue allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Specifically, JavaScript code can be injected via the search field in the 'course/search.php' endpoint to execute arbitrary scripts in users' browsers and steal session cookies. This is a cross-site scripting (XSS) flaw, which occurs when an application includes untrusted data in a web page without proper validation or escaping.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-50943

Affected Products

Moodle Lms