CVE-2022-35651

UNKNOWN

Published 2022-07-25T15:30:22

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-35651. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Moodle Stored XSS and blind SSRF possible via SCORM track details

GHSA-wwv7-h477-wrv7

Advisory Details

A stored Cross-site Scripting (XSS) and blind Server-Side Request Forgery (SSRF) vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

Affected Packages

Packagist moodle/moodle

ECOSYSTEM: ≥3.9 <3.9.15

Packagist moodle/moodle

ECOSYSTEM: ≥3.11 <3.11.8

Packagist moodle/moodle

ECOSYSTEM: ≥4.0 <4.0.2

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-35651

WEB https://bugzilla.redhat.com/show_bug.cgi?id=2106275

PACKAGE https://github.com/moodle/moodle

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3

WEB https://lists.fedoraproject.org/archives/list/[email protected]/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V

WEB https://moodle.org/mod/forum/discuss.php?d=436458

WEB http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921

Advisory provided by GitHub Security Advisory Database. Published: July 26, 2022, Modified: April 23, 2024

References

https://bugzilla.redhat.com/show_bug.cgi?id=2106275

https://moodle.org/mod/forum/discuss.php?d=436458

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-71921

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/

Published: 2022-07-25T15:30:22

Last Modified: 2024-08-03T09:36:44.408Z

Copied to clipboard!

CVE-2022-35651

Expert Analysis

Description

Available Exploits

Related News

GitHub Security Advisories

Moodle Stored XSS and blind SSRF possible via SCORM track details

Advisory Details

Affected Packages

CVSS Scoring

CVSS Score

CVSS Vector

References

References

Request Analysis

What to expect

Request Received!