CVE-2022-45151

Summary

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Affected Software

VendorProductVersion RangeStatus
n/aMoodleFixed in moodle 4.0.5, moodle 3.11.11affected

Weaknesses

  • CWE-79: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References