CVE-2022-35653

MEDIUM EXPLOITED NUCLEI

Moodle 3.9.0-3.9.14 and 4.0.0-4.0.1 - Reflected Cross-Site Scripting in LTI Module

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-35653 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.

Nuclei Templates (1)

Moodle LTI module Reflected - Cross-Site Scripting
MEDIUMVERIFIEDby iamnoooob,pdresearch
Shodan: title:"Moodle" || cpe:"cpe:2.3:a:moodle:moodle" || http.title:"moodle"
FOFA: title="moodle"

References (5)

Core 5
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2106277
Patch, Vendor Advisory x_refsource_misc
https://moodle.org/mod/forum/discuss.php?d=436460

Scores

CVSS v3 6.1
EPSS 0.0367
EPSS Percentile 88.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-02-15
CWE
CWE-79
Status published
Products (7)
fedoraproject/fedora 35
fedoraproject/fedora 36
moodle/moodle 4.0.0 (6 CPE variants)
moodle/moodle 4.0.1
moodle/moodle 3.9.0 - 3.9.15
moodle/moodle 4.0 - 4.0.2Packagist
redhat/enterprise_linux 8.0
Published Jul 25, 2022
Tracked Since Feb 18, 2026