CVE-2022-40313

HIGH7.1EPSS 0.36%

Moodle Stored Cross-site Scripting and page denial of service

發布日:2022/10/1修改日:2024/4/23

也稱為:GHSA-jqgr-gh62-jf53BIT-moodle-2022-40313

描述

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an Cross-site Scripting risk or a page failing to load.

受影響套件(2)

Bitnami/moodle>= 3.9.0, < 3.9.17, >= 3.11.0, < 3.11.10, >= 4.0.0, < 4.0.4
Packagist/moodle/moodle>= 3.9, < 3.9.17

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-40313
PATCHhttps://github.com/moodle/moodle
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=2128146
WEBhttps://moodle.org/mod/forum/discuss.php?d=438392