Your submission was sent successfully! Close

CVE-2022-45150

Published: 23 November 2022

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
moodle
Launchpad, Ubuntu, Debian
bionic Needs triage

focal Does not exist

jammy Does not exist

kinetic Does not exist

trusty Ignored
(out of standard support)
upstream Needs triage

xenial Ignored
(out of standard support)