Description

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.

Remediation

References

CVE-2022-35651

Related Vulnerabilities

WordPress Plugin External 'Video for Everybody' Cross-Site Scripting (2.0)

Oracle Database Server CVE-2019-2799 Vulnerability (CVE-2019-2799)

Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2019-1068)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-43560)

Oracle JRE CVE-2012-0504 Vulnerability (CVE-2012-0504)

Severity

Medium

Classification

CVE-2022-35651 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities