Cyber Resilience

CVE-2022-35653

Medium

Published: 25 July 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: available
CVSS Score (v3.1): 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score: 0.8365 (99.3rd percentile)
Risk Priority: 62 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-35653 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Moodle (vendor: Moodle). Its CVSS v3.1 base score is 6.1 (Medium).

Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.

Deeper analysis

A reflected cross-site scripting vulnerability exists in the LTI module of Moodle, caused by insufficient sanitization of user-supplied data. The issue is tracked as CWE-79 and carries a CVSS 3.1 score of 6.1. It affects unauthenticated users who can be induced to interact with the vulnerable component.

An unauthenticated remote attacker can supply a crafted link that, when followed by a victim, executes arbitrary HTML and JavaScript in the context of the Moodle site. Successful exploitation enables theft of sensitive information, page-content manipulation, phishing, and drive-by download attacks. The flaw does not affect authenticated sessions.

Public references point to a Moodle commit addressing MDL-72299, a Red Hat Bugzilla entry, and Fedora package advisories that distribute updated Moodle builds. Administrators are expected to apply the referenced patches or upgrade to a corrected release to eliminate the reflected XSS vector. The associated EPSS score stands at 0.8365 with no indicated change in trajectory.

Vulnerability details

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, in order to steal potentially sensitive information, change the appearance of the web page, or perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.

CWE(s)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

moodle / moodle: 4.0.0, 4.0.1 · 3.9.0 through 3.9.15 · 3.11.0 through 3.11.8
fedoraproject / fedora: 35, 36
redhat / enterprise linux: 8.0

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Penetration testing (addresses CWE-79): submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

Input validation (addresses CWE-79): validates web inputs to reject script-related content that could produce XSS.

Output validation (addresses CWE-79): validation of generated page content against what is expected can reject or sanitize script content in generated web pages, reducing XSS exploitability.

References