CVE-2022-35653

High PUBLISHED

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data...

Moodle · Moodle

Not yet in CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
6.1 Medium

At a Glance

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.

nuclei_scanner
CVE Published
Jul 25, 2022
Exploitation Reported
Jul 25, 2022
CVSS
6.1 Medium
EPSS
Remote Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
Moodle

Fixed in moodle 4.0.2, moodle 3.11.8, moodle 3.9.15

Affected

CVE References

  • FEDORA-2022-81ce74b2dd lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce%40list...
  • FEDORA-2022-7e7ce7df2e lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce%40list...
  • bugzilla.redhat.com/show_bug.cgi bugzilla.redhat.com · CVE Record https://bugzilla.redhat.com/show_bug.cgi?id=2106277
  • moodle.org/mod/forum/discuss.php moodle.org · CVE Record https://moodle.org/mod/forum/discuss.php?d=436460
  • git.moodle.org/gw git.moodle.org · CVE Record http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL...

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.